
US20150188703A1 - Key processing method and apparatus - Google Patents


Info

Publication number
US20150188703A1
Authority
US
United States
Prior art keywords
segment
time
private key
parameter
sub
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/577,739
Inventor
Jia Yu
Xiangguo CHENG
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Assigned to HUAWEI TECHNOLOGIES CO., LTD. reassignment HUAWEI TECHNOLOGIES CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CHENG, XIANGGUO, YU, JIA
Publication of US20150188703A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/24 Key scheduling, i.e. generating round keys or sub-keys for block encryption

Definitions

  • the present application relates to the field of information processing technologies, and in particular, to a key processing method and apparatus.
  • Key update is an effective way of reducing the harm caused by key leakage and improving security.
  • keys primarily include public keys and private keys, and updating a key primarily refers to updating a private key.
  • An existing solution to implementation of key update is as follows: by using an idea of an intrusion tolerance technology, a life cycle of a key is divided into multiple time segments, each time segment is subdivided into multiple time sub-segments, and a public key remains unchanged throughout the life cycle; upon entry to each time sub-segment of each time segment, a user equipment is triggered to update a private key by using an update message provided by a security device, so that even if an intruder intrudes into the user equipment or the security device, so long as the intrusion is not launched in a same time sub-segment of a same time segment, the intruder is unable to calculate keys of a user in other time segments, thereby reducing harm caused by key leakage.
  • the inventor finds that in a key update operation based on this intrusion tolerance technology, how to implement simplicity and flexibility of the key update operation is a technical problem that a person skilled in the art urgently needs to solve currently.
  • the present application provides a key processing method and apparatus to implement flexibility of updating a key and simplicity of operations.
  • a first aspect provides a key processing method, including:
  • a user's private key of a 0 th time sub-segment of a 0 th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group of bilinear mapping and is obtained by performing a Hash operation on a time index value of the 0 th time sub-segment of the 0 th time segment.
  • the update parameter of the r th time sub-segment of the i th time segment is generated by the security device by using a device's private key of the r th time sub-segment of the i th time segment, where a device's private key of the 0 th time sub-segment of the 0 th time segment is a second random parameter randomly selected from the preset value set; and the device's private key of the r th time sub-segment of the i th time segment is generated by using a device's private key of the (r-1) th time sub-segment of the i th time segment or the last time sub-segment of the (i-1) th time segment, and a third random parameter randomly selected from the preset value set; and
  • the user's private key of the 0 th time sub-segment of the 0 th time segment is specifically generated by using the first random parameter, the device's private key of the 0 th time sub-segment of the 0 th time segment, and the key Hash value.
  • a second possible implementation manner of the first aspect is further provided, where a user's private key includes a first private key parameter and a second private key parameter, and the update parameter includes a first update parameter and a second update parameter;
  • a user's private key of the r th time sub-segment of the i th time segment by using the update parameter generated when the security device enters the r th time sub-segment of the i th time segment, a user's private key of a last time sub-segment of an (i-1) th time segment, and time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i-1) th time segment includes:
  • the element data by performing a Hash operation on the time index values of the r th time sub-segment and the (r-1) th time sub-segment of the i th time segment, where the element data belongs to the first cyclic group; generating the first private key parameter of the r th time sub-segment of the i th time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the r th time sub-segment of the i th time segment, and a first private key parameter and a second private key parameter of the (r-1) th time sub-segment of the i th time segment; and
  • a third possible implementation manner of the first aspect is further provided, where: the obtaining, when r is 0, element data by performing a Hash operation on the time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i-1) th time segment, where the element data belongs to the first cyclic group; generating a first private key parameter of the r th time sub-segment of the i th time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the r th time sub-segment of the i th time segment, and a first private key parameter and a second private key parameter of the last time sub-segment of the (i-1) th time segment; and
  • generating a second private key parameter of the r th time sub-segment of the i th time segment by using the second private key parameter of the last time sub-segment of the (i-1) th time segment and the second update parameter generated when the security device enters the r th time sub-segment of the i th time segment includes:
  • the first private key update formula includes:
  • S i,r represents the first private key parameter of the r th time sub-segment of the i th time segment
  • u i,r represents the second private key parameter of the r th time sub-segment of the i th time segment
  • SKR i,r represents the first update parameter of the r th time sub-segment of the i th time segment, and ⁇ represents the second update parameter of the r th time sub-segment of the i th time segment;
  • RN[i-1] represents the time index value of the last time sub-segment of the (i-1) th time segment
  • H 1 (i,r) represents the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values i and r
  • H 1 (i-1, RN[i-1]) represents the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values i-1 and RN[i-1];
  • generating the first private key parameter of the r th time sub-segment of the i th time segment by using the second private key parameter of the (r-1) th time sub-segment of the i th time segment and the second update parameter generated when the security device enters the r th time sub-segment of the i th time segment includes:
  • the second private key update formula is:
  • H 1 (i,r-1) represents the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values i and r-1;
  • the user's private key of the 0 th time sub-segment of the 0 th time segment is specifically generated according to a key generation formula by using the first random parameter, the device's private key of the 0 th time sub-segment of the 0 th time segment, and the key Hash value, where:
  • S 0,0 represents a first private key parameter of the 0 th time sub-segment of the 0th time segment
  • u 0,0 is the first random parameter
  • the first random parameter is a second private key parameter of the 0 th time sub-segment of the 0 th time segment
  • H 1 (0, 0) is a Hash value of the 0 th time sub-segment of the 0 th time segment
  • b 0,0 is the device's private key of the 0 th time sub-segment of the 0 th time segment.
  • a fourth possible implementation manner of the first aspect is further provided, where the second update parameter is the third random parameter;
  • the first update parameter is specifically generated by the security device according to a first parameter generation formula by using the device's private key of the r th time sub-segment of the i th time segment, the device's private key of the last time sub-segment of the (i-1) th time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i-1) th time segment, where
  • the first parameter generation formula is:
  • the first update parameter is specifically generated by the security device according to a second parameter generation formula by using the device's private key of the r th time sub-segment of the i th time segment, the device's private key of the (r-1) th time sub-segment of the i th time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the r th time sub-segment and the (r-1) th time sub-segment of the i th time segment, where:
  • the second parameter generation formula is:
  • a fifth possible implementation manner of the first aspect is further provided, where the method further includes:
  • the preset value set is Z* q , where Z* q represents a remainder set that does not include a value 0 and is obtained by performing a modulo operation between an integer set Z and q.
  • a sixth possible implementation manner of the first aspect is further provided, where the method further includes:
  • a seventh possible implementation manner of the first aspect is further provided, where the user's public key is generated according to a public key generation formula by using a generator of the first cyclic group, and the device's private key and the first private key parameter of the 0 th time sub-segment of the 0 th time segment, where the public key generation formula is:
  • PK B is a first public key parameter
  • P pub is a second public key parameter
  • P is the generator of the first cyclic group
  • the ciphertext is specifically obtained according to an encryption formula, where the encryption formula is:
  • V M ⁇ H 2 ( e ( P pub +PK B ,H 1 ( i,r )) x );
  • H 2 (e(P pub +PK B ,H 1 (i,r)) x ) represents element data that belongs to the second cyclic group and is obtained by performing a Hash operation on e(P pub +PK B ,H 1 (i,r)) x ;
  • the decrypting the ciphertext by using a user's private key corresponding to the time index value, so as to obtain the target data is specifically: obtaining the target data according to a decryption formula by using the user's private key corresponding to the time index value, where the decryption formula is:
  • H 2 (e(U,S i,r )) represents the element data that belongs to the second cyclic group and is obtained by performing a Hash operation on e(U,S i,r ).
  • a second aspect provides a key processing method, including:
  • a user's private key of a 0 th time sub-segment of a 0 th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group and is obtained by performing a Hash operation on a time index value of the 0 th time sub-segment of the 0 th time segment.
  • the update parameter includes a first update parameter and a second update parameter
  • a user's private key includes a first private key parameter and a second private key parameter
  • the generating an update parameter when a security device enters an r th time sub-segment of an i th time segment includes:
  • the first parameter generation formula is:
  • b i,r represents the device's private key of the r th time sub-segment of the i th time segment
  • b i-1,RN[i-1] represents the device's private key of the last time sub-segment of the (i-1) th time segment
  • b i,r b+ ⁇
  • is a third random parameter randomly selected from the preset value set
  • the update parameter according to a second parameter generation formula by using the device's private key of the r th time sub-segment of the i th time segment, the device's private key of the (r-1) th time sub-segment of the i th time segment, and the time index values of the r th time sub-segment and the (r-1) th time sub-segment of the i th time segment, where:
  • the second parameter generation formula is:
  • a third aspect provides a key processing apparatus, including:
  • an obtaining unit configured to obtain a private key update message provided by a security device, where the private key update message includes an update parameter generated when the security device enters an r th time sub-segment of an i th time segment, where i and r represent time index values and both are integers greater than or equal to 0;
  • a first updating unit configured to: generate, when r is 0, a user's private key of the r th time sub-segment of the i th time segment by using the update parameter generated when the security device enters the r th time sub-segment of the i th time segment, a user's private key of a last time sub-segment of an (i-1) th time segment, and time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i-1) th time segment; and
  • a second updating unit configured to: generate, when r is greater than 0, the user's private key of the r th time sub-segment of the i th time segment by using the update parameter generated when the security device enters the r th time sub-segment of the i th time segment, a user's private key of an (r-1) th time sub-segment of the i th time segment, and time index values of the r th time sub-segment and the (r-1) th time sub-segment of the i th time segment, where:
  • a user's private key of a 0 th time sub-segment of a 0 th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group of bilinear mapping and is obtained by performing a Hash operation on a time index value of the 0 th time sub-segment of the 0 th time segment.
  • the update parameter of the r th time sub-segment of the i th time segment is generated by the security device by using a device's private key of the r th time sub-segment of the i th time segment, where a device's private key of the 0 th time sub-segment of the 0 th time segment is a second random parameter randomly selected from the preset value set; and the device's private key of the r th time sub-segment of the i th time segment is generated by using a device's private key of the (r-1) th time sub-segment of the i th time segment or the last time sub-segment of the (i-1) th time segment, and a third random parameter randomly selected from the preset value set; and
  • the user's private key of the 0 th time sub-segment of the 0 th time segment is specifically generated by using the first random parameter, the device's private key of the 0 th time sub-segment of the 0 th time segment, and the key Hash value.
  • a first possible implementation manner of the third aspect is further provided, where a user's private key includes a first private key parameter and a second private key parameter, and the update parameter includes a first update parameter and a second update parameter;
  • the first updating unit is specifically configured to: obtain, when r is 0, element data by performing a Hash operation on the time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i-1) th time segment, where the element data belongs to the first cyclic group; generate a first private key parameter of the r th time sub-segment of the i th time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the r th time sub-segment of the i th time segment, and a first private key parameter and a second private key parameter of the last time sub-segment of the (i-1) th time segment; and, generate a second private key parameter of the r th time sub-segment of the i th time segment by using the second update parameter generated when the security device enters the r th time sub-segment of the i th
  • the second updating unit is specifically configured to: obtain, when r is greater than 0, the element data by performing a Hash operation on the time index values of the r th time sub-segment and the (r-1) th time sub-segment of the i th time segment, where the element data belongs to the first cyclic group; generate the first private key parameter of the r th time sub-segment of the i th time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the r th time sub-segment of the i th time segment, and a first private key parameter and a second private key parameter of the (r-1) th time sub-segment of the i th time segment; and generate the first private key parameter of the r th time sub-segment of the i th time segment by using the second private key parameter of the (r-1) th time sub-segment of the i th time segment and the second
  • a third possible implementation manner of the third aspect is further provided, which further includes:
  • a cyclic group generating unit configured to generate a q th -order first cyclic group G1 and a q th -order second cyclic group G2 according to a security parameter k, so that the two q th -order cyclic groups satisfy bilinear mapping e: G1 × G1 → G2, where q is a prime number, and k is a bit length of q, where:
  • the preset value set is Z* q , where Z* q represents a remainder set that does not include a value 0 and is obtained by performing a modulo operation between an integer set Z and q.
  • a fourth possible implementation manner of the third aspect is further provided, which further includes:
  • a decrypting unit configured to: decrypt, when a ciphertext obtained by encrypting target data by using a public key and a target time index value is received, the ciphertext by using a user's private key corresponding to the target time index value, so as to obtain the target data.
  • a fourth aspect provides a key processing apparatus, including:
  • an update parameter generating unit configured to: generate an update parameter upon entry into an r th time sub-segment of an i th time segment, and send the update parameter to a user equipment, where the update parameter is used to instruct the user equipment to: when r is 0, generate a user's private key of the r th time sub-segment of the i th time segment by using the update parameter, a user's private key of a last time sub-segment of an (i-1) th time segment, and time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i-1) th time segment; and, when r is greater than 0, generate the user's private key of the r th time sub-segment of the i th time segment by using the update parameter, a user's private key of an (r-1) th time sub-segment of the i th time segment, and time index values
  • a user's private key of a 0 th time sub-segment of a 0 th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group and is obtained by performing a Hash operation on a time index value of the 0 th time sub-segment of the 0 th time segment.
  • the update parameter includes a first update parameter and a second update parameter
  • a user's private key includes a first private key parameter and a second private key parameter
  • the update parameter generating unit includes:
  • the first parameter generation formula is:
  • b i,r represents the device's private key of the r th time sub-segment of the i th time segment
  • b i-1,RN[i-1] represents the device's private key of the last time sub-segment of the (i-1) th time segment
  • b i,r b i-1,RN[i-1] + ⁇
  • is a third random parameter randomly selected from the preset value set
  • a second generating unit configured to: generate, when the time index value r is greater than 0, the update parameter according to a second parameter generation formula by using the device's private key of the r th time sub-segment of the i th time segment, the device's private key of the (r-1) th time sub-segment of the i th time segment, and the time index values of the r th time sub-segment and the (r-1) th time sub-segment of the i th time segment, where
  • the second parameter generation formula is:
  • a user equipment obtains an update parameter generated by a security device in an r th time sub-segment of an i th time segment; when r is 0, generates a user's private key of the r th time sub-segment of the i th time segment by using the update parameter, a user's private key of a last time sub-segment of an (i-1) th time segment, and time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i-1) th time segment; and when r is greater than 0, generates the user's private key of the r th time sub-segment of the i th time segment by using the update parameter, a user's private key of an (r-1) th time sub-segment of the i th time segment, and time index values of the r th time sub-s
  • a user's private key of a 0 th time sub-segment of a 0 th time segment is generated by using a preset value set and data in a first cyclic group of bilinear mapping.
  • a bit length of a user's private key generated by using bilinear mapping is short.
  • a private key can be updated by using a parameter of a time sub-segment previous to a current time sub-segment, without a need of increasing a key length, which is simple and highly efficient.
  • the update and the generation of the private key are irrelevant to a life cycle of the key, and can be implemented only by using a time index value. Therefore, the life cycle of the key can be changed according to an actual application condition, which improves flexibility of updating the key.
  • FIG. 1 is a flowchart of an embodiment of a key processing method according to an embodiment of the present application
  • FIG. 2 is a flowchart of another embodiment of a key processing method according to an embodiment of the present application
  • FIG. 3 is a flowchart of another embodiment of a key processing method according to an embodiment of the present application.
  • FIG. 4 is a schematic structural diagram of an embodiment of a key processing apparatus according to an embodiment of the present application.
  • FIG. 5 is a schematic structural diagram of an embodiment of a user equipment according to an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of another embodiment of a key processing apparatus according to an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of an embodiment of a security device according to an embodiment of the present application.
  • One of the main ideas of the embodiments of the present application includes: obtaining, by a user equipment, an update parameter generated by a security device in an r th time sub-segment of an i th time segment; generating, when r is 0, a user's private key of the r th time sub-segment of the i th time segment by using the update parameter, a user's private key of a last time sub-segment of an (i-1) th time segment, and time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i-1) th time segment; and generating, when r is greater than 0, the user's private key of the r th time sub-segment of the i th time segment by using the update parameter, a user's private key of an (r-1) th time sub-segment of the i th time segment, and time index values of the r th
  • a bit length of a user's private key generated by using bilinear mapping is short.
  • a private key can be updated by using a parameter of a time sub-segment previous to a current time sub-segment, without a need of increasing a key length, which is simple and highly efficient.
  • the update and the generation of the private key are irrelevant to a life cycle of the key, and can be implemented only by using a time index value. Therefore, the life cycle of the key can be changed according to an actual application condition, which improves flexibility of updating the key.
  • FIG. 1 is a flowchart of an embodiment of a key processing method according to an embodiment of the present application. The method may include the following steps:
  • a user equipment obtains a private key update message provided by a security device.
  • the private key update message includes an update parameter generated when the security device enters an r th time sub-segment of an i th time segment, where i and r are two time index values and both are integers greater than or equal to 0.
  • This embodiment of the present application is implemented by using an idea of an intrusion tolerance technology.
  • a life cycle of a key is divided into multiple time segments, and each time segment is subdivided into multiple time sub-segments.
  • a private key of each time sub-segment of each time segment is updated.
  • a value of r is 0, 1, 2, ..., N-1.
  • This embodiment of the present application is primarily applied to an asymmetric key encryption solution, in which a public key is public, and a sender of a message uses the public key to encrypt the message; a private key is known to only a receiver of the message, and the receiver uses the private key to decrypt the encrypted message, thereby ensuring transmission security of the message.
  • the security device is a device used to assist implementation of update of the private key, and, in different actual application scenarios, may be applied to a message sending side.
  • the security device generates an update parameter in every time sub-segment of every time segment to trigger update of the private key.
  • a user's private key of a 0 th time sub-segment of a 0 th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group of bilinear mapping and is obtained by performing a Hash operation on a time index value of the 0 th time sub-segment of the 0 th time segment.
  • the user's private key of the 0 th time sub-segment of the 0 th time segment refers to an initial user's private key. With increase of time, the initial user's private key needs to be updated to reduce harm caused by private key leakage to security.
  • the initial user's private key is generated based on a first cyclic group of bilinear mapping. The key length generated by using bilinear mapping is fixed.
  • Arithmetic operations may be performed on the first random parameter and the key Hash value to obtain the initial user's private key.
  • When r is 0, generate a user's private key of the r th time sub-segment of the i th time segment by using the update parameter generated when the security device enters the r th time sub-segment of the i th time segment, a user's private key of a last time sub-segment of an (i−1) th time segment, and time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i−1) th time segment.
  • When r is greater than 0, generate the user's private key of the r th time sub-segment of the i th time segment by using the update parameter generated when the security device enters the r th time sub-segment of the i th time segment, a user's private key of an (r−1) th time sub-segment of the i th time segment, and time index values of the r th time sub-segment and the (r−1) th time sub-segment of the i th time segment.
  • the private key update performed in the r th time sub-segment of the i th time segment may come in two scenarios depending on the value of r, and therefore, a user's private key of each time sub-segment is generated according to a user's private key of a previous time sub-segment.
  • the previous time sub-segment, when r is 0, refers to the last time sub-segment of a previous time segment (the (i−1) th time segment); and, when r is greater than 0, refers to a previous time sub-segment (the (r−1) th time sub-segment) of a current time segment (the i th time segment).
  • By using the update parameter, the user's private key of the previous time sub-segment, and the time index value, the update of the user's private key of the r th time sub-segment of the i th time segment can be generated.
  • the user's private key may be obtained by using arithmetic operations.
  • a user's private key of a 0 th time sub-segment of a 0 th time segment is generated by using a preset value set and data in a first cyclic group of bilinear mapping; when an update parameter of a security device is received upon entry into an r th time sub-segment of an i th time segment, a user's private key of the r th time sub-segment of the i th time segment can be generated by using a user's private key of an (r−1) th time sub-segment of an i th time segment or a last time sub-segment of an (i−1) th time segment, the update parameter, and a time index value.
  • the user's private key of the 0 th time sub-segment of the 0 th time segment is generated by using bilinear mapping.
  • a bit length of a user's private key generated by using bilinear mapping is short, which simplifies calculation.
  • a private key can be updated by using a parameter of a time sub-segment previous to a current time sub-segment, which is simple and highly efficient.
  • the update and the generation of the private key are irrelevant to a life cycle of the key, and can be implemented only by using a time index value. Therefore, the life cycle of the key can be changed according to an actual application condition, which improves flexibility of updating the key.
  • a value included in the preset value set may be specifically a value that has a fixed bit length.
  • Element data in the first cyclic group is also element data that has a fixed bit length.
  • the user's private key of the r th time sub-segment of the i th time segment belongs to the preset value set or the first cyclic group, thereby preventing the bit length of the updated user's private key from increasing with increase of time, further reducing operation complexity, and improving update efficiency.
  • the first cyclic group may be generated in advance according to a security parameter k.
  • Two q th -order cyclic groups, that is, a first cyclic group G1 and a second cyclic group G2, may be generated according to the security parameter k, so that the two q th -order cyclic groups satisfy bilinear mapping e: G1 × G1 → G2, where the first cyclic group G1 is a bilinear mapping cyclic group, k is a natural number, q is a prime number, and k is specifically a bit length of q.
  • a generator of the first cyclic group is p.
  • the key Hash value is the element data that belongs to the first cyclic group of bilinear mapping and is obtained by performing a Hash operation on the time index value (0, 0) of the 0 th time sub-segment of the 0 th time segment. That is, (0, 0) is mapped into the first cyclic group by using the Hash operation, that is, belongs to element data in the first cyclic group.
  • the update parameter generated by the security device in the r th time sub-segment of the i th time segment may be generated by using a device's private key of the r th time sub-segment of the i th time segment.
  • the user equipment already knows a device's public key of the security device, and therefore, according to the device's public key, identifies whether the received update parameter is sent by the security device, so as to prevent intrusion of an intruder.
  • the device's private key of the 0 th time sub-segment of the 0 th time segment is a second random parameter randomly selected from the preset value set; when r is 0, the device's private key of the r th time sub-segment of the i th time segment is generated according to a device's private key of the (r−1) th time sub-segment of the i th time segment and a third random parameter randomly selected from the preset value set; when r is greater than 0, the device's private key of the r th time sub-segment of the i th time segment is generated according to a device's private key of the last time sub-segment of the (i−1) th time segment and the third random parameter randomly selected from the preset value set.
  • a device's private key of a current time sub-segment includes the third random parameter and a device's private key of a previous time sub-segment.
  • the user's private key of the 0 th time sub-segment of the 0 th time segment may be specifically generated by using the first random parameter, the device's private key of the 0 th time sub-segment of the 0 th time segment, and a Hash value.
  • a user's private key may consist of multiple private key parameters. Therefore, in another embodiment, the user's private key may include a first private key parameter and a second private key parameter, where the first private key parameter is primarily used to decrypt a ciphertext.
  • the update parameter generated by the security device may specifically include a first update parameter and a second update parameter.
  • the second update parameter may be specifically used to generate the third random parameter of a device's private key.
  • the first update parameter may be generated by the security device by using the device's private key of the r th time sub-segment of the i th time segment, the device's private key of the last time sub-segment of the (i−1) th time segment, and the time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i−1) th time segment.
  • step 102 may include:
  • the first update parameter may be generated by the security device by using the device's private key of the r th time sub-segment of the i th time segment, the device's private key of the (r−1) th time sub-segment of the i th time segment, and the time index values of the r th time sub-segment and the (r−1) th time sub-segment of the i th time segment.
  • step 103 may include:
  • the element data that belongs to the first cyclic group may be obtained by performing a Hash operation on the time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i−1) th time segment, or the element data that belongs to the first cyclic group may be obtained by performing a Hash operation on the time index values of the r th time sub-segment and the (r−1) th time sub-segment of the i th time segment, and then the obtained element data of the first cyclic group and other parameters such as the first update parameter, the second update parameter, and the first private key parameter and the second private key parameter of a time sub-segment previous to the current time sub-segment may undergo calculation that satisfies a bilinear mapping nature, so that the first private key parameter belongs to the first
  • a first private key parameter of the 0 th time sub-segment of the 0 th time segment may be specifically generated by using the first random parameter, the key Hash value, and the device's private key of the 0 th time sub-segment of the 0 th time segment of the security device, where a second private key parameter is specifically the first random parameter.
  • the first random parameter belongs to the preset value set.
  • the second private key parameter of the r th time sub-segment of the i th time segment is generated by using the second private key parameter of the (r−1) th time sub-segment of the i th time segment and the second update parameter, so that the second private key parameter belongs to the preset value set. Therefore, convergence of a calculation result is ensured, the calculation result is simple, and a bit length of the second private key parameter is also ensured.
  • the first private key parameter and the second private key parameter of the r th time sub-segment of the i th time segment may be specifically obtained, by calculation, according to a private key update formula.
  • the private key update formula specifies a specific operation process of generating the user's private key of the current time sub-segment by using the update parameter, the time index values, and the user's private key of the previous time sub-segment.
  • FIG. 2 shows a flowchart of another embodiment of a key processing method according to an embodiment of the present application. The method may include the following steps:
  • a user equipment obtains a q th -order first cyclic group G1 and a q th -order second cyclic group G2 that are generated according to a security parameter k, where the two q th -order cyclic groups satisfy bilinear mapping e: G1 × G1 → G2.
  • q is a prime number
  • k is a bit length of q.
  • the private key update message includes a first update parameter and a second update parameter that are generated when the security device enters an r th time sub-segment of an i th time segment.
  • i and r represent time index values and both are integers greater than or equal to 0.
  • When r is 0, generate a user's private key of the r th time sub-segment of the i th time segment according to a private key update formula by using the first update parameter and the second update parameter that are generated when the security device enters the r th time sub-segment of the i th time segment, a first private key parameter and a second private key parameter of a last time sub-segment of an (i−1) th time segment, and time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i−1) th time segment.
  • the private key update formula may be:
  • $S_{i,r}$ represents the first private key parameter of the r th time sub-segment of the i th time segment
  • $u_{i,r}$ represents the second private key parameter of the r th time sub-segment of the i th time segment
  • $S_{i-1,RN[i-1]}$ represents the first private key parameter of the last time sub-segment of the (i−1) th time segment
  • $u_{i-1,RN[i-1]}$ represents the second private key parameter of the last time sub-segment of the (i−1) th time segment.
  • $SKR_{i,r}$ represents the first update parameter of the r th time sub-segment of the i th time segment
  • a represents the second update parameter of the r th time sub-segment of the i th time segment.
  • RN[i−1] represents the time index value of the last time sub-segment of the (i−1) th time segment.
  • $H_1(i,r)$ represents element data that belongs to the first cyclic group and is obtained by performing a Hash operation on i and r
  • $H_1(i-1, RN[i-1])$ represents element data that belongs to the first cyclic group and is obtained by performing a Hash operation on i−1 and RN[i−1].
  • the private key refresh formula is:
  • $H_1(i,r-1)$ represents element data that belongs to the first cyclic group and is obtained by performing a Hash operation on i and r−1.
  • the first update parameter and the second update parameter that are generated by the security device in the r th time sub-segment of the i th time segment may be specifically generated by using a device's private key of the r th time sub-segment of the i th time segment.
  • the device's private key of the r th time sub-segment of the i th time segment is generated by using a device's private key of the (r−1) th time sub-segment of the i th time segment or the last time sub-segment of the (i−1) th time segment, and a third random parameter randomly selected from the preset value set; and a device's private key of a 0 th time sub-segment of a 0 th time segment is a second random parameter randomly selected from the preset value set.
  • the second update parameter may be specifically the third random parameter.
  • the first update parameter may be specifically generated by the security device according to a first parameter generation formula by using the device's private key of the r th time sub-segment of the i th time segment, a device's private key of the last time sub-segment of the (i−1) th time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i−1) th time segment.
  • the first parameter generation formula may be:
  • $b_{i,r}$ represents the device's private key of the r th time sub-segment of the i th time segment
  • $b_{i-1,RN[i-1]}$ represents the device's private key of the last time sub-segment of the (i−1) th time segment.
  • $b_{i,r}$ is $b_{i-1,RN[i-1]}$ plus the third random parameter.
  • the third random parameter is the same as the second update parameter in this case.
  • the first update parameter may be specifically generated by the security device according to a second parameter generation formula by using the device's private key of the r th time sub-segment of the i th time segment, the device's private key of the (r−1) th time sub-segment of the i th time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the r th time sub-segment and the (r−1) th time sub-segment of the i th time segment.
  • the second parameter generation formula is:
  • $b_{i,r-1}$ represents the device's private key of the (r−1) th time sub-segment of the i th time segment.
  • a user's private key of the 0 th time sub-segment of the 0 th time segment may be specifically generated according to a private key generation formula by using the first random parameter, the device's private key of the 0 th time sub-segment of the 0 th time segment, and the key Hash value.
  • the private key generation formula may be:
  • $S_{0,0}$ represents a first private key parameter of the 0 th time sub-segment of the 0 th time segment
  • $u_{0,0}$ is the first random parameter
  • the first random parameter is a second private key parameter of the 0 th time sub-segment of the 0 th time segment
  • $H_1(0, 0)$ is a Hash value of the 0 th time sub-segment of the 0 th time segment
  • $b_{0,0}$ is the device's private key of the 0 th time sub-segment of the 0 th time segment, that is, the second random parameter.
  • the user's private key is updated by using the first update parameter and the second update parameter that are generated according to the first parameter generation formula and the second parameter generation formula.
  • the first private key parameter does not include the third random parameter, which simplifies the generated user's private key.
  • the second private key parameter belongs to the preset value set, which ensures convergence of a calculation result and reduces operation complexity.
  • the user's public key is generated according to a public key generation formula by using a generator of the first cyclic group, and the device's private key and the first private key parameter of the 0 th time sub-segment of the 0 th time segment, where the public key generation formula is:
  • $PK_B$ is a first public key parameter
  • $P_{pub}$ is a second public key parameter
  • $P$ is the generator of the first cyclic group
  • the ciphertext is specifically obtained according to an encryption formula, where the encryption formula is:
  • $V = M \oplus H_2(e(P_{pub} + PK_B, H_1(i,r))^x)$;
  • x is a fourth random parameter randomly selected from the preset value set, M is the target data, the ciphertext includes U, V, i, and r; and $H_2(e(P_{pub} + PK_B, H_1(i,r))^x)$ represents element data that belongs to the second cyclic group and is obtained by performing a Hash operation on $e(P_{pub} + PK_B, H_1(i,r))^x$.
  • $e(P_{pub} + PK_B, H_1(i,r))^x$ represents element data that belongs to the first cyclic group and is obtained by performing bilinear mapping for $P_{pub} + PK_B$ and $H_1(i,r)$
  • the decrypting the ciphertext by using a user's private key corresponding to the time index value, so as to obtain the target data is specifically: obtaining the target data according to a decryption formula by using the user's private key corresponding to the time index value.
  • the decryption formula may be:
  • $H_2(e(U, S_{i,r}))$ represents element data that belongs to the second cyclic group and is obtained by performing a Hash operation on $e(U, S_{i,r})$.
  • $e(U, S_{i,r})$ represents element data that belongs to the second cyclic group and is obtained by performing bilinear mapping for U and $S_{i,r}$.
  • a user's private key of each time sub-segment which is generated by using bilinear mapping, improves update efficiency and accomplishes applicability in different user equipments.
  • a private key can be updated by using a parameter of a time sub-segment previous to a current time sub-segment, which is simple and highly efficient.
  • the update and the generation of the private key are irrelevant to a life cycle of the key, and can be implemented only by using a time index value. Therefore, the life cycle of the key can be changed according to an actual application condition, which improves flexibility of updating the key and is applicable to different application scenarios.
  • update of a user's private key is specifically performed by a user equipment, and a security device generates an update parameter to trigger the user equipment to update the user's private key.
  • the security device is located on a message sending side, a public key may be generated on the message sending side, and an initial user's private key may be generated by the user equipment on the message sending side or a message receiving side.
  • Key processing in this embodiment of the present application is applicable to different scenarios that require encryption of a transmitted message, for example, in a communications system or a financial system.
  • the security device is located on the message sending side, so that the user equipment on the message receiving side can be triggered to perform automatic update of the user's private key, which reduces threat caused by key leakage to the system and is simple, efficient and highly flexible.
  • FIG. 3 is a flowchart of another embodiment of a key processing method according to an embodiment of the present application. The method may include the following steps:
  • the two q th -order cyclic groups satisfy bilinear mapping e: G1 × G1 → G2, where q is a prime number, and k is a bit length of q.
  • a user's private key of any one time sub-segment includes a first private key parameter and a second private key parameter
  • a user's public key includes a first public key parameter and a second public key parameter.
  • the first public key parameter and the second public key parameter may be generated by using a public key generation formula, and a first private key parameter of the 0 th time sub-segment of the 0 th time segment may be generated by using a private key generation formula, where a second private key parameter is specifically the first random parameter.
  • the device's private key of the 0 th time sub-segment of the 0 th time segment is specifically the second random parameter.
  • the private key generation formula may be:
  • the public key generation formula may be:
  • steps 301 and 302 may be performed on the message sending side in advance.
  • When entering an r th time sub-segment of an i th time segment, the security device generates an update parameter and sends an update message that carries the update parameter to a user equipment.
  • the update parameter includes a first update parameter and a second update parameter.
  • the second update parameter is a third random parameter randomly selected from a preset value set.
  • the update parameter is generated according to a first parameter generation formula by using a device's private key of the r th time sub-segment of the i th time segment, a device's private key of the last time sub-segment of an (i−1) th time segment, and time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i−1) th time segment.
  • the first parameter generation formula is:
  • $b_{i,r}$ is $b_{i-1,RN[i-1]}$ plus the third random parameter.
  • the update parameter is generated according to a second parameter generation formula by using the device's private key of the r th time sub-segment of the i th time segment, a device's private key of an (r−1) th time sub-segment of the i th time segment, and time index values of the r th time sub-segment and the (r−1) th time sub-segment of the i th time segment.
  • the second parameter generation formula is:
  • the user equipment obtains a first update parameter and a second update parameter of the r th time sub-segment of the i th time segment.
  • When r is 0, generate a user's private key of the r th time sub-segment of the i th time segment according to a first private key update formula by using the first update parameter and the second update parameter that are generated by the security device, a first private key parameter and a second private key parameter of the last time sub-segment of an (i−1) th time segment, and time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i−1) th time segment.
  • the first private key update formula may be:
  • the parameter ⁇ is the same as the parameter ⁇ in this case.
  • When r is greater than 0, generate the user's private key of the r th time sub-segment of the i th time segment according to a second private key update formula by using the first update parameter and the second update parameter that are generated by the security device, a first private key parameter and a second private key parameter of the (r−1) th time sub-segment of the i th time segment, and time index values of the r th time sub-segment and the (r−1) th time sub-segment of the i th time segment.
  • the second private key update formula may be:
  • For operations of steps 307 to 308, refer to the description in steps 205 to 206 in the foregoing embodiment.
  • This embodiment implements simple and efficient key update, and is highly flexible and may be applicable to scenarios in which the life cycle of a key is of any length.
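  • The key-update chain of the embodiments above, as an added example that is not code from the patent. The page's update, generation and decryption formulas did not survive extraction, so the forms marked `assumed` are one choice consistent with the device-key recurrence and the encryption formula the page does give; the bilinear map is a toy scalar model with no security, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy bilinear setting (constructed, NOT secure): the G1 element k*P is stored as the
# scalar k mod Q and G2 is Z_Q written additively, so e(aP, bP) = a*b and "e(..)^x"
# becomes x * e(..). Discrete logs are trivial here; the model only checks the algebra.
Q = 2**127 - 1   # prime group order q
P = 1            # generator P of G1 in scalar form


def rand_zq_star():
    """Random element of the preset value set Z_q^* (non-zero residues mod q)."""
    return 1 + secrets.randbelow(Q - 1)


def h1(i, r):
    """H1: hash a time index (i, r) to a non-zero G1 element."""
    digest = hashlib.sha256(f"H1|{i}|{r}".encode()).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)


def h2(gt, n):
    """H2: hash a G2 element to an n-byte mask (n <= 32)."""
    return hashlib.sha256(b"H2|" + gt.to_bytes(16, "big")).digest()[:n]


def pair(a, b):
    """Toy bilinear map e: G1 x G1 -> G2."""
    return (a * b) % Q


def prev_index(i, r, rn):
    """(i, r-1) when r > 0, else the last sub-segment RN[i-1] of segment i-1."""
    return (i, r - 1) if r > 0 else (i - 1, rn[i - 1])


def setup():
    u = rand_zq_star()   # first random parameter, also u_{0,0}
    b = rand_zq_star()   # second random parameter, device key b_{0,0}
    public = {"PK_B": b * P % Q, "P_pub": u * P % Q}           # assumed form
    user = {"S": (u + b) * h1(0, 0) % Q, "u": u, "t": (0, 0)}  # assumed S_{0,0}
    return public, user, {"b": b, "t": (0, 0)}


def device_update(dev, cur, rn):
    """Security device enters sub-segment cur and emits the update message."""
    if prev_index(*cur, rn) != dev["t"]:
        raise ValueError("sub-segments must be entered in order")
    eps = rand_zq_star()                  # third random parameter
    b_new = (dev["b"] + eps) % Q          # from the page: b_cur = b_prev + third random
    skr = (b_new * h1(*cur) - dev["b"] * h1(*dev["t"])) % Q   # assumed SKR form
    dev.update(b=b_new, t=cur)
    return {"SKR": skr, "second": eps, "t": cur}   # second update parameter = eps


def user_update(user, msg, rn):
    """User equipment derives (S, u) for msg['t'] from the previous sub-segment's key."""
    cur, prev = msg["t"], user["t"]
    if prev_index(*cur, rn) != prev:
        raise ValueError("update does not follow the current key's sub-segment")
    u_new = (user["u"] - msg["second"]) % Q                   # assumed
    s_new = (user["S"] + msg["SKR"] + u_new * h1(*cur) - user["u"] * h1(*prev)) % Q
    user.update(S=s_new, u=u_new, t=cur)


def encrypt(public, m, i, r):
    x = rand_zq_star()                    # fourth random parameter
    gt = x * pair(public["P_pub"] + public["PK_B"], h1(i, r)) % Q
    v = bytes(a ^ k for a, k in zip(m, h2(gt, len(m))))
    return {"U": x * P % Q, "V": v, "i": i, "r": r}   # U = xP is assumed


def decrypt(user, ct):
    if user["t"] != (ct["i"], ct["r"]):
        raise ValueError("no key held for this time index")
    mask = h2(pair(ct["U"], user["S"]), len(ct["V"]))
    return bytes(a ^ k for a, k in zip(ct["V"], mask))


def walk_schedule(rn, message=b"constructed sample"):
    """Update through every sub-segment; report whether each one decrypts correctly."""
    public, user, dev = setup()
    ok = []
    for i, last in enumerate(rn):
        for r in range(last + 1):
            if (i, r) != (0, 0):
                user_update(user, device_update(dev, (i, r), rn), rn)
            ok.append(decrypt(user, encrypt(public, message, i, r)) == message)
    return public, user, dev, ok
```

  • With these assumed forms the sum of the second private key parameter and the device's private key stays constant across updates, which is why the fixed public key keeps working and why the first private key parameter never contains the third random parameter.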
  • FIG. 4 is a schematic structural diagram of an embodiment of a key processing apparatus according to an embodiment of the present application.
  • This apparatus may include:
  • an obtaining unit 401 configured to obtain a private key update message provided by a security device, where the private key update message includes an update parameter generated when the security device enters an r th time sub-segment of an i th time segment, where i and r represent time index values and both are integers greater than or equal to 0;
  • a first updating unit 402 configured to: generate, when r is 0, a user's private key of the r th time sub-segment of the i th time segment by using the update parameter generated when the security device enters the r th time sub-segment of the i th time segment, a user's private key of a last time sub-segment of an (i−1) th time segment, and time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i−1) th time segment; and
  • a second updating unit 403 configured to: generate, when r is greater than 0, the user's private key of the r th time sub-segment of the i th time segment by using the update parameter generated when the security device enters the r th time sub-segment of the i th time segment, a user's private key of an (r−1) th time sub-segment of the i th time segment, and time index values of the r th time sub-segment and the (r−1) th time sub-segment of the i th time segment, where:
  • a user's private key of a 0 th time sub-segment of a 0 th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group of bilinear mapping and is obtained by performing a Hash operation on a time index value of the 0 th time sub-segment of the 0 th time segment.
  • a user's private key of a 0 th time sub-segment of a 0 th time segment is generated by using a preset value set and data in a first cyclic group of bilinear mapping; when an update parameter of a security device is received upon entry into an r th time sub-segment of an i th time segment, a user's private key of the r th time sub-segment of the i th time segment can be generated by using a user's private key, the update parameter, and a time index value that are of an (r−1) th time sub-segment of an i th time segment or a last time sub-segment of an (i−1) th time segment.
  • the user's private key of the 0 th time sub-segment of the 0 th time segment is generated by using the preset value set and the data in the first cyclic group of bilinear mapping.
  • a bit length of a user's private key generated by using bilinear mapping is short, which simplifies calculation.
  • a private key can be updated by using a parameter of a time sub-segment previous to a current time sub-segment, which is simple and highly efficient.
  • the update and the generation of the private key are irrelevant to a life cycle of the key, and can be implemented only by using a time index value. Therefore, the life cycle of the key can be changed according to an actual application condition, which improves flexibility of updating the key.
  • the update parameter of the r th time sub-segment of the i th time segment is generated by the security device by using a device's private key of the r th time sub-segment of the i th time segment, where a device's private key of the 0 th time sub-segment of the 0 th time segment is a second random parameter randomly selected from the preset value set; and the device's private key of the r th time sub-segment of the i th time segment is generated by using a device's private key of the (r−1) th time sub-segment of the i th time segment or the last time sub-segment of the (i−1) th time segment, and a third random parameter randomly selected from the preset value set.
  • the user's private key of the 0 th time sub-segment of the 0 th time segment is specifically generated by using the first random parameter, the device's private key of the 0 th time sub-segment of the 0 th time segment, and the key Hash value.
  • a user's private key includes a first private key parameter and a second private key parameter
  • the update parameter includes a first update parameter and a second update parameter
  • the first updating unit may be specifically configured to: obtain, when r is 0, element data by performing a Hash operation on the time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i−1) th time segment, where the element data belongs to the first cyclic group; generate a first private key parameter of the r th time sub-segment of the i th time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the r th time sub-segment of the i th time segment, and a first private key parameter and a second private key parameter of the last time sub-segment of the (i−1) th time segment; and, generate a second private key parameter of the r th time sub-segment of the i th time segment by using the second update parameter generated when the security device enters the r th time sub-segment of the i
  • the second updating unit may be specifically configured to: obtain, when r is greater than 0, the element data by performing a Hash operation on the time index values of the r th time sub-segment and the (r−1) th time sub-segment of the i th time segment, where the element data belongs to the first cyclic group; generate the first private key parameter of the r th time sub-segment of the i th time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the r th time sub-segment of the i th time segment, and a first private key parameter and a second private key parameter of the (r−1) th time sub-segment of the i th time segment; and generate the first private key parameter of the r th time sub-segment of the i th time segment by using the second private key parameter of the (r−1) th time sub-segment of the i th time segment and the
  • the first updating unit may be specifically configured to: generate, when r is 0, the user's private key of the r th time sub-segment of the i th time segment according to a first private key update formula by using the first update parameter and the second update parameter that are generated when the security device enters the r th time sub-segment of the i th time segment, the first private key parameter and the second private key parameter of the last time sub-segment of the (i−1) th time segment, and the time index values of the r th time sub-segment of the i th time segment and the last time sub-segment of the (i−1) th time segment.
  • the first private key update formula includes:
  • the second updating unit may be specifically configured to: when r is greater than 0, generate the user's private key of the r th time sub-segment of the i th time segment according to a second private key update formula by using the first update parameter and the second update parameter that are generated when the security device enters the r th time sub-segment of the i th time segment, the first private key parameter and the second private key parameter of the (r−1) th time sub-segment of the i th time segment, and the time index values of the r th time sub-segment and the (r−1) th time sub-segment of the i th time segment.
  • the second private key update formula is:
  • the user's private key of the 0 th time sub-segment of the 0 th time segment is specifically generated according to a key generation formula by using the first random parameter, the device's private key of the 0 th time sub-segment of the 0 th time segment, and a Hash value.
  • the key generation formula is:
  • the second update parameter is the third random parameter.
  • the first update parameter is specifically generated by the security device according to a first parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, a device's private key of the last time sub-segment of the (i−1)th time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment.
  • the first parameter generation formula is:
  • $b_{i,r}$ represents the device's private key of the rth time sub-segment of the ith time segment
  • $b_{i-1,RN[i-1]}$ represents the device's private key of the last time sub-segment of the (i−1)th time segment
  • $b_{i,r} = b_{i-1,RN[i-1]} + \delta$
  • $\delta$ is the third random parameter.
  • the first update parameter is specifically generated by the security device according to a second parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, a device's private key of the (r−1)th time sub-segment of the ith time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment.
  • the second parameter generation formula is:
  • the apparatus may further include:
  • a cyclic group generating unit 404 configured to generate a qth-order first cyclic group $G_1$ and a qth-order second cyclic group $G_2$ according to a security parameter k, so that the two qth-order cyclic groups satisfy bilinear mapping $e: G_1 \times G_1 \to G_2$, where q is a prime number, and k is a bit length of q, where:
  • the preset value set is $Z_q^*$, where $Z_q^*$ represents a remainder set that does not include a value 0 and is obtained by performing a modulo operation between an integer set Z and q; and
  • a decrypting unit 405 configured to: decrypt, when a ciphertext obtained by encrypting target data by using a public key and a target time index value is received, the ciphertext by using a user's private key corresponding to the target time index value, so as to obtain the target data, where:
  • the public key may be generated according to a public key generation formula by using a generator of the first cyclic group, and the device's private key and the first private key parameter of the 0th time sub-segment of the 0th time segment, where the public key generation formula is:
  • $PK_B$ is a first public key parameter
  • $P_{pub}$ is a second public key parameter
  • $P$ is the generator of the first cyclic group.
  • the ciphertext is specifically obtained according to an encryption algorithm, where the encryption formula is:
  • $V = M \oplus H_2(e(P_{pub} + PK_B, H_1(i,r))^x)$;
  • $H_2(e(P_{pub} + PK_B, H_1(i,r))^x)$ represents element data that belongs to the second cyclic group and is obtained by performing a Hash operation on $e(P_{pub} + PK_B, H_1(i,r))^x$.
  • the decrypting unit may be specifically configured to obtain the target data according to a decryption formula by using a user's private key corresponding to the time index value, where the decryption formula is:
  • the key processing apparatus in the foregoing embodiment may be integrated into a user equipment in practical application, where the user equipment may be a radio communications device, for example, may be a mobile device such as a mobile phone and a tablet computer.
  • the user equipment equipped with the key processing apparatus of this embodiment of the present application can update a private key simply and efficiently, and ensure the security of the cryptosystem.
  • an embodiment of the present application further provides a user equipment.
  • the user equipment may include at least a processor 501 , and a memory 502 and a receiver 503 that are connected to the processor 501 separately by using a bus.
  • the memory 502 stores a group of program instructions, and this memory may be a high-speed RAM memory and may also be a non-volatile memory, such as at least one disk memory.
  • the processor 501 is configured to invoke the program instructions stored in the memory 502 to execute the following operations:
  • triggering the receiver 503 to obtain a private key update message provided by a security device, where the private key update message includes an update parameter generated when the security device enters an rth time sub-segment of an ith time segment, where i and r represent time index values and both are integers greater than or equal to 0;
  • a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group of bilinear mapping and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
  • FIG. 6 is a schematic structural diagram of another embodiment of a key processing apparatus according to an embodiment of the present application.
  • This apparatus may include:
  • an update parameter generating unit configured to: generate an update parameter upon entry into an rth time sub-segment of an ith time segment, and send the update parameter to a user equipment, where the update parameter is used to instruct the user equipment to: when r is 0, generate a user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and, when r is greater than 0, generate the user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values
  • a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
  • the update parameter of the rth time sub-segment of the ith time segment may be specifically generated by the security device by using a device's private key of the rth time sub-segment of the ith time segment, where a device's private key of the 0th time sub-segment of the 0th time segment is a second random parameter randomly selected from the preset value set; and the device's private key of the rth time sub-segment of the ith time segment is generated by using a device's private key of the (r−1)th time sub-segment of the ith time segment or the last time sub-segment of the (i−1)th time segment, and a third random parameter randomly selected from the preset value set.
  • the update parameter may specifically include a first update parameter and a second update parameter, and a user's private key includes a first private key parameter and a second private key parameter. Therefore, the update parameter generating unit 601 may include:
  • a first generating unit 6011 configured to: generate, when r is 0, the update parameter according to a first parameter generation formula by using a device's private key of the rth time sub-segment of the ith time segment, a device's private key of the last time sub-segment of the (i−1)th time segment, and the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, where: the first parameter generation formula is:
  • $b_{i,r}$ represents the device's private key of the rth time sub-segment of the ith time segment
  • $b_{i-1,RN[i-1]}$ represents the device's private key of the last time sub-segment of the (i−1)th time segment
  • $b_{i,r} = b_{i-1,RN[i-1]} + \delta$
  • $\delta$ is a third random parameter randomly selected from the preset value set
  • a second generating unit 6012 configured to: generate, when the time index value r is greater than 0, the update parameter according to a second parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, the device's private key of the (r−1)th time sub-segment of the ith time segment, and the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • the second parameter generation formula is:
  • the first update parameter and the second update parameter may be specifically used to trigger the user equipment to: when r is 0, generate the user's private key of the rth time sub-segment of the ith time segment according to a first private key update formula by using the first update parameter and the second update parameter, the first private key parameter and the second private key parameter of the last time sub-segment of the (i−1)th time segment, and the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, where:
  • the first private key update formula includes:
  • the second private key update formula is:
  • the user's private key of the 0th time sub-segment of the 0th time segment is specifically generated according to a key generation formula by using the first random parameter, the device's private key of the 0th time sub-segment of the 0th time segment, and the key Hash value, where:
  • is the same as ⁇ .
  • a user equipment is triggered to update a user's private key, which makes key update simple, efficient, and highly flexible.
  • a key processing apparatus in the foregoing embodiment may be integrated into a security device in practical application.
  • This security device may be applicable to a service system that requires a cryptosystem, such as a service system of a mobile operator, a public security system, or a financial system, so that an update parameter may be generated in each time sub-segment of different time segments, and a user equipment is triggered to update a key, so that the operation of updating the key is simple, efficient, and highly flexible.
  • an embodiment of the present application further provides a security device.
  • the security device includes at least a processor 701 , and a memory 702 and a sender 703 that are connected to the processor 701 separately by using a bus.
  • the memory 702 stores a group of program instructions, and this memory may be a high-speed RAM memory and may also be a non-volatile memory, such as at least one disk memory.
  • the processor 701 is configured to invoke the program instructions stored in the memory 702 to execute the following operations:
  • a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
  • the processor may be a central processing unit (CPU), an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement this embodiment of the present invention.
  • the software product may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, or an optical disc, and includes several instructions for instructing a computer device (which may be a personal computer, a server, or a network device) to perform the methods described in the embodiments or in some parts of the embodiments of the present application.

Abstract

Embodiments of the present application provide a key processing method and apparatus. The embodiments improve the flexibility of updating a key and simplify operations.

Description

    CROSS-REFERENCE TO RELATED APPLICATION
  • This application claims priority to Chinese Patent Application No. 201310746982.4, filed on Dec. 30, 2013, which is hereby incorporated by reference in its entirety.
  • TECHNICAL FIELD
  • The present application relates to the field of information processing technologies, and in particular, to a key processing method and apparatus.
  • BACKGROUND
  • Key leakage seriously threatens the security of a cryptosystem. Reducing the harm that key leakage causes to a cryptosystem is research of important theoretical significance and practical value.
  • Key update is an effective way of reducing the harm caused by key leakage and improving security. In an asymmetric key encryption manner, keys primarily include public keys and private keys, and updating a key primarily refers to updating a private key. An existing solution to implementation of key update is as follows: by using an idea of an intrusion tolerance technology, a life cycle of a key is divided into multiple time segments, each time segment is subdivided into multiple time sub-segments, and a public key remains unchanged throughout the life cycle; upon entry to each time sub-segment of each time segment, a user equipment is triggered to update a private key by using an update message provided by a security device, so that even if an intruder intrudes into the user equipment or the security device, so long as the intrusion is not launched in a same time sub-segment of a same time segment, the intruder is unable to calculate keys of a user in other time segments, thereby reducing harm caused by key leakage.
  • In the process of implementing the present invention, the inventor finds that in a key update operation based on this intrusion tolerance technology, how to implement simplicity and flexibility of the key update operation is a technical problem that a person skilled in the art urgently needs to solve currently.
  • SUMMARY
  • The present application provides a key processing method and apparatus to implement flexibility of updating a key and simplicity of operations.
  • To fulfill the foregoing objectives, the present application provides the following technical solutions:
  • A first aspect provides a key processing method, including:
  • obtaining, by a user equipment, a private key update message provided by a security device, where the private key update message includes an update parameter generated when the security device enters an rth time sub-segment of an ith time segment, where i and r represent time index values and both are integers greater than or equal to 0;
  • generating, when r is 0, a user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and
  • generating, when r is greater than 0, the user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group of bilinear mapping and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
  • In a first possible implementation manner of the first aspect, the update parameter of the rth time sub-segment of the ith time segment is generated by the security device by using a device's private key of the rth time sub-segment of the ith time segment, where a device's private key of the 0th time sub-segment of the 0th time segment is a second random parameter randomly selected from the preset value set; and the device's private key of the rth time sub-segment of the ith time segment is generated by using a device's private key of the (r−1)th time sub-segment of the ith time segment or the last time sub-segment of the (i−1)th time segment, and a third random parameter randomly selected from the preset value set; and
  • therefore, the user's private key of the 0th time sub-segment of the 0th time segment is specifically generated by using the first random parameter, the device's private key of the 0th time sub-segment of the 0th time segment, and the key Hash value.
  • With reference to the first aspect or the first possible implementation manner of the first aspect, a second possible implementation manner of the first aspect is further provided, where a user's private key includes a first private key parameter and a second private key parameter, and the update parameter includes a first update parameter and a second update parameter;
  • the generating, when r is 0, a user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, includes:
  • obtaining, when r is 0, element data by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, where the element data belongs to the first cyclic group; generating a first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the last time sub-segment of the (i−1)th time segment; and
  • generating a second private key parameter of the rth time sub-segment of the ith time segment by using the second update parameter and the second private key parameter of the last time sub-segment of the (i−1)th time segment; and
  • the generating, when r is greater than 0, the user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, includes:
  • obtaining, when r is greater than 0, the element data by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where the element data belongs to the first cyclic group; generating the first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the (r−1)th time sub-segment of the ith time segment; and
  • generating the first private key parameter of the rth time sub-segment of the ith time segment by using the second private key parameter of the (r−1)th time sub-segment of the ith time segment and the second update parameter generated when the security device enters the rth time sub-segment of the ith time segment.
  • With reference to the second possible implementation manner of the first aspect, a third possible implementation manner of the first aspect is further provided, where: the obtaining, when r is 0, element data by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, where the element data belongs to the first cyclic group; generating a first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the last time sub-segment of the (i−1)th time segment; and
  • generating a second private key parameter of the rth time sub-segment of the ith time segment by using the second private key parameter of the last time sub-segment of the (i−1)th time segment and the second update parameter generated when the security device enters the rth time sub-segment of the ith time segment, includes:
  • generating, when r is 0, the user's private key of the rth time sub-segment of the ith time segment according to a first private key update formula by using the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, the first private key parameter and the second private key parameter of the last time sub-segment of the (i−1)th time segment, and the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, where:
  • the first private key update formula includes:

  • $S_{i,r} = S_{i-1,RN[i-1]} + SKR_{i,r} - \sigma H_1(i,r) + u_{i-1,RN[i-1]}\,(H_1(i,r) - H_1(i-1,RN[i-1]))$; and

  • $u_{i,r} = u_{i-1,RN[i-1]} - \sigma$, where:
  • $S_{i,r}$ represents the first private key parameter of the rth time sub-segment of the ith time segment, and $u_{i,r}$ represents the second private key parameter of the rth time sub-segment of the ith time segment;
  • $SKR_{i,r}$ represents the first update parameter of the rth time sub-segment of the ith time segment, and $\sigma$ represents the second update parameter of the rth time sub-segment of the ith time segment;
  • $RN[i-1]$ represents the time index value of the last time sub-segment of the (i−1)th time segment;
  • $H_1(i,r)$ represents the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values i and r, and $H_1(i-1,RN[i-1])$ represents the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values i−1 and RN[i−1];
  • the obtaining, when r is greater than 0, the element data by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where the element data belongs to the first cyclic group; generating the first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the (r−1)th time sub-segment of the ith time segment; and
  • generating the first private key parameter of the rth time sub-segment of the ith time segment by using the second private key parameter of the (r−1)th time sub-segment of the ith time segment and the second update parameter generated when the security device enters the rth time sub-segment of the ith time segment, includes:
  • generating the user's private key of the rth time sub-segment of the ith time segment according to a second private key update formula by using the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, the first private key parameter and the second private key parameter of the (r−1)th time sub-segment of the ith time segment, and the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • the second private key update formula is:

  • $S_{i,r} = S_{i,r-1} + SKR_{i,r} - \sigma H_1(i,r) + u_{i,r-1}\,(H_1(i,r) - H_1(i,r-1))$; and

  • $u_{i,r} = u_{i,r-1} - \sigma$, where:
  • $H_1(i,r-1)$ represents the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values i and r−1; and
  • the user's private key of the 0th time sub-segment of the 0th time segment is specifically generated according to a key generation formula by using the first random parameter, the device's private key of the 0th time sub-segment of the 0th time segment, and the key Hash value, where:
  • the key generation formula is:

  • $S_{0,0} = u_{0,0} H_1(0,0) + b_{0,0} H_1(0,0)$, where:
  • $S_{0,0}$ represents a first private key parameter of the 0th time sub-segment of the 0th time segment, $u_{0,0}$ is the first random parameter, where the first random parameter is a second private key parameter of the 0th time sub-segment of the 0th time segment, $H_1(0,0)$ is a Hash value of the 0th time sub-segment of the 0th time segment, and $b_{0,0}$ is the device's private key of the 0th time sub-segment of the 0th time segment.
  • With reference to the second possible implementation manner or the third possible implementation manner of the first aspect, a fourth possible implementation manner of the first aspect is further provided, where the second update parameter is the third random parameter;
  • when r is 0, the first update parameter is specifically generated by the security device according to a first parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, the device's private key of the last time sub-segment of the (i−1)th time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, where
  • the first parameter generation formula is:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i-1,RN[i-1]} H_1(i-1,RN[i-1])$, where:
  • $b_{i,r}$ represents the device's private key of the rth time sub-segment of the ith time segment, $b_{i-1,RN[i-1]}$ represents the device's private key of the last time sub-segment of the (i−1)th time segment, $b_{i,r} = b_{i-1,RN[i-1]} + \delta$, and $\delta$ is the third random parameter; and
  • when r is greater than 0, the first update parameter is specifically generated by the security device according to a second parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, the device's private key of the (r−1)th time sub-segment of the ith time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • the second parameter generation formula is:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i,r-1} H_1(i,r-1)$, where:
  • $b_{i,r-1}$ represents the device's private key of the (r−1)th time sub-segment of the ith time segment, and $b_{i,r} = b_{i,r-1} + \delta$.
  • With reference to any one of the foregoing possible implementation manners of the first aspect, a fifth possible implementation manner of the first aspect is further provided, where the method further includes:
  • obtaining a qth-order first cyclic group $G_1$ and a qth-order second cyclic group $G_2$ that are generated according to a security parameter k, where the two qth-order cyclic groups satisfy bilinear mapping $e: G_1 \times G_1 \to G_2$, where q is a prime number, and k is a bit length of q, where:
  • the preset value set is $Z_q^*$, where $Z_q^*$ represents a remainder set that does not include a value 0 and is obtained by performing a modulo operation between an integer set Z and q.
  • With reference to any one of the foregoing possible implementation manners of the first aspect, a sixth possible implementation manner of the first aspect is further provided, where the method further includes:
  • decrypting, when a ciphertext obtained by encrypting target data by using a user's public key and a target time index value is received, the ciphertext by using a user's private key corresponding to the target time index value, so as to obtain the target data.
  • With reference to the sixth possible implementation manner of the first aspect, a seventh possible implementation manner of the first aspect is further provided, where the user's public key is generated according to a public key generation formula by using a generator of the first cyclic group, and the device's private key and the first private key parameter of the 0th time sub-segment of the 0th time segment, where the public key generation formula is:

  • $PK_B = b_{0,0} P$, $P_{pub} = u_{0,0} P$, where:
  • $PK_B$ is a first public key parameter, $P_{pub}$ is a second public key parameter, and $P$ is the generator of the first cyclic group;
  • therefore, the ciphertext is specifically obtained according to an encryption formula, where the encryption formula is:

  • $V = M \oplus H_2(e(P_{pub} + PK_B, H_1(i,r))^x)$; and

  • $U = xP$, where:
  • $x$ is a fourth random parameter randomly selected from the preset value set, $M$ is the target data, the ciphertext includes $U$, $V$, $i$, and $r$; and $H_2(e(P_{pub} + PK_B, H_1(i,r))^x)$ represents element data that belongs to the second cyclic group and is obtained by performing a Hash operation on $e(P_{pub} + PK_B, H_1(i,r))^x$;
  • therefore, the decrypting the ciphertext by using a user's private key corresponding to the time index value, so as to obtain the target data, is specifically: obtaining the target data according to a decryption formula by using the user's private key corresponding to the time index value, where the decryption formula is:

  • $M = V \oplus H_2(e(U, S_{i,r}))$, where:
  • $H_2(e(U, S_{i,r}))$ represents the element data that belongs to the second cyclic group and is obtained by performing a Hash operation on $e(U, S_{i,r})$.
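The key generation, parameter generation, private key update, encryption and decryption formulas of the first aspect can be checked end to end with the sketch below, which is an added example and not part of the patent text. It assumes a toy algebraic stand-in for the bilinear map (group elements stored as scalars mod q, so it offers no security); the function names, the `RN` schedule and the sample message are constructed for illustration.

```python
import hashlib
import secrets

# Toy algebraic model (assumption, NOT secure): a G1 element aP is stored as the
# scalar a, a G2 element e(P,P)^z as z, so e(aP, bP) = ab mod q and ^x becomes *x.
Q = 2**127 - 1          # prime group order q
P = 1                   # generator of G1 in this model

def rand_zq_star():
    """Random element of Z*_q (the 'preset value set')."""
    return secrets.randbelow(Q - 1) + 1

def H1(i, r):
    """Hash the time index values (i, r) to a G1 element."""
    return int.from_bytes(hashlib.sha256(f"H1|{i}|{r}".encode()).digest(), "big") % Q

def H2(g2, n):
    """Hash a G2 element to an n-byte mask."""
    return hashlib.shake_256(g2.to_bytes(16, "big")).digest(n)

def pairing(a, b):
    return (a * b) % Q

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def prev_period(i, r, RN):
    """Period preceding (i, r); RN[i] is the last sub-segment index of segment i."""
    return (i - 1, RN[i - 1]) if r == 0 else (i, r - 1)

def setup():
    """Initial keys for period (0, 0); who runs this step is an assumption."""
    u, b = rand_zq_star(), rand_zq_star()              # u_{0,0}, b_{0,0}
    S = (u * H1(0, 0) + b * H1(0, 0)) % Q              # key generation formula
    public = {"PK_B": b * P % Q, "P_pub": u * P % Q}   # never changes afterwards
    return public, {"S": S, "u": u}, {"b": b}

def device_enter(dev, i, r, RN):
    """Security device: derive b_{i,r} and the update parameters (SKR_{i,r}, sigma)."""
    pi, pr = prev_period(i, r, RN)
    delta = rand_zq_star()                             # third random parameter
    b_new = (dev["b"] + delta) % Q
    skr = (b_new * H1(i, r) - dev["b"] * H1(pi, pr)) % Q
    dev["b"] = b_new
    return skr, delta                                  # sigma is delta

def user_update(usr, i, r, RN, skr, sigma):
    """User equipment: private key update formula (same shape for r == 0 and r > 0)."""
    pi, pr = prev_period(i, r, RN)
    h_new, h_old = H1(i, r), H1(pi, pr)
    S = (usr["S"] + skr - sigma * h_new + usr["u"] * (h_new - h_old)) % Q
    return {"S": S, "u": (usr["u"] - sigma) % Q}

def encrypt(public, i, r, msg):
    x = rand_zq_star()                                 # fourth random parameter
    g2 = pairing((public["P_pub"] + public["PK_B"]) % Q, H1(i, r)) * x % Q
    return {"U": x * P % Q, "V": xor(msg, H2(g2, len(msg))), "i": i, "r": r}

def decrypt(usr, ct):
    return xor(ct["V"], H2(pairing(ct["U"], usr["S"]), len(ct["V"])))

def walk_schedule(RN, msg=b"constructed sample message"):
    """Run every period in RN; report whether the current and the stale key decrypt."""
    public, usr, dev = setup()
    results, stale = [], None
    for i, last in enumerate(RN):
        for r in range(last + 1):
            if (i, r) != (0, 0):
                skr, sigma = device_enter(dev, i, r, RN)
                stale, usr = usr, user_update(usr, i, r, RN, skr, sigma)
            ct = encrypt(public, i, r, msg)
            # Key is valid for (i, r) iff e(P, S) == e(P_pub + PK_B, H1(i, r)).
            valid = pairing(P, usr["S"]) == pairing(
                (public["P_pub"] + public["PK_B"]) % Q, H1(i, r))
            results.append({
                "period": (i, r),
                "key_valid": valid,
                "current_ok": decrypt(usr, ct) == msg,
                "stale_ok": stale is not None and decrypt(stale, ct) == msg,
            })
    return results

if __name__ == "__main__":
    for row in walk_schedule([2, 1, 0]):
        print(row)
```

Each update keeps the sum of the user's second private key parameter and the device's private key constant, which is why the public key stays fixed while the first private key parameter tracks the hash of the current period.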
  • A second aspect provides a key processing method, including:
  • generating an update parameter when a security device enters an rth time sub-segment of an ith time segment, and sending an update message that carries the update parameter to a user equipment, where the update message is used to instruct the user equipment to: when r is 0, generate a user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and, when r is greater than 0, generate the user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
  • In a first possible implementation manner of the second aspect, the update parameter includes a first update parameter and a second update parameter, and a user's private key includes a first private key parameter and a second private key parameter, and
  • therefore, the generating an update parameter when a security device enters an rth time sub-segment of an ith time segment includes:
  • generating, when r is 0, the update parameter according to a first parameter generation formula by using a device's private key of the rth time sub-segment of the ith time segment, a device's private key of the last time sub-segment of the (i−1)th time segment, and the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, where:
  • the first parameter generation formula is:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i-1,RN[i-1]} H_1(i-1, RN[i-1])$, where:
  • $b_{i,r}$ represents the device's private key of the rth time sub-segment of the ith time segment, $b_{i-1,RN[i-1]}$ represents the device's private key of the last time sub-segment of the (i−1)th time segment, $b_{i,r} = b + \delta$, and $\delta$ is a third random parameter randomly selected from the preset value set; and
  • generating, when r is greater than 0, the update parameter according to a second parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, the device's private key of the (r−1)th time sub-segment of the ith time segment, and the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • the second parameter generation formula is:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i,r-1} H_1(i, r-1)$, where:
  • $b_{i,r-1}$ represents the device's private key of the (r−1)th time sub-segment of the ith time segment, and $b_{i,r} = b_{i,r-1} + \delta$.
  • A third aspect provides a key processing apparatus, including:
  • an obtaining unit, configured to obtain a private key update message provided by a security device, where the private key update message includes an update parameter generated when the security device enters an rth time sub-segment of an ith time segment, where i and r represent time index values and both are integers greater than or equal to 0;
  • a first updating unit, configured to: generate, when r is 0, a user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and
  • a second updating unit, configured to: generate, when r is greater than 0, the user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group of bilinear mapping and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
  • In a first possible implementation manner of the third aspect, the update parameter of the rth time sub-segment of the ith time segment is generated by the security device by using a device's private key of the rth time sub-segment of the ith time segment, where a device's private key of the 0th time sub-segment of the 0th time segment is a second random parameter randomly selected from the preset value set; and the device's private key of the rth time sub-segment of the ith time segment is generated by using a device's private key of the (r−1)th time sub-segment of the ith time segment or the last time sub-segment of the (i−1)th time segment, and a third random parameter randomly selected from the preset value set; and
  • therefore, the user's private key of the 0th time sub-segment of the 0th time segment is specifically generated by using the first random parameter, the device's private key of the 0th time sub-segment of the 0th time segment, and the key Hash value.
  • With reference to the third aspect or the first possible implementation manner of the third aspect, a first possible implementation manner of the third aspect is further provided, where a user's private key includes a first private key parameter and a second private key parameter, and the update parameter includes a first update parameter and a second update parameter;
  • the first updating unit is specifically configured to: obtain, when r is 0, element data by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, where the element data belongs to the first cyclic group; generate a first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the last time sub-segment of the (i−1)th time segment; and, generate a second private key parameter of the rth time sub-segment of the ith time segment by using the second update parameter generated when the security device enters the rth time sub-segment of the ith time segment and the second private key parameter of the last time sub-segment of the (i−1)th time segment;
  • the second updating unit is specifically configured to: obtain, when r is greater than 0, the element data by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where the element data belongs to the first cyclic group; generate the first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the (r−1)th time sub-segment of the ith time segment; and generate the first private key parameter of the rth time sub-segment of the ith time segment by using the second private key parameter of the (r−1)th time sub-segment of the ith time segment and the second update parameter generated when the security device enters the rth time sub-segment of the ith time segment.
  • With reference to any one of the foregoing possible implementation manners of the third aspect, a third possible implementation manner of the third aspect is further provided, which further includes:
  • a cyclic group generating unit, configured to generate a qth-order first cyclic group $G_1$ and a qth-order second cyclic group $G_2$ according to a security parameter $k$, so that the two qth-order cyclic groups satisfy bilinear mapping $e: G_1 \times G_1 \to G_2$, where $q$ is a prime number, and $k$ is a bit length of $q$, where:
  • the preset value set is $Z_q^*$, where $Z_q^*$ represents a remainder set that does not include a value 0 and is obtained by performing a modulo operation between an integer set $Z$ and $q$.
  • With reference to the third possible implementation manner of the third aspect, a fourth possible implementation manner of the third aspect is further provided, which further includes:
  • a decrypting unit, configured to: decrypt, when a ciphertext obtained by encrypting target data by using a public key and a target time index value is received, the ciphertext by using a user's private key corresponding to the target time index value, so as to obtain the target data.
  • A fourth aspect provides a key processing apparatus, including:
  • an update parameter generating unit, configured to: generate an update parameter upon entry into an rth time sub-segment of an ith time segment, and send the update parameter to a user equipment, where the update parameter is used to instruct the user equipment to: when r is 0, generate a user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and, when r is greater than 0, generate the user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
  • In a first possible implementation manner of the fourth aspect, the update parameter includes a first update parameter and a second update parameter, and a user's private key includes a first private key parameter and a second private key parameter, and
  • the update parameter generating unit includes:
      • a first generating unit, configured to: generate, when r is 0, the update parameter according to a first parameter generation formula by using a device's private key of the rth time sub-segment of the ith time segment, a device's private key of the last time sub-segment of the (i−1)th time segment, and the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, where:
  • the first parameter generation formula is:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i-1,RN[i-1]} H_1(i-1, RN[i-1])$, where:
  • $b_{i,r}$ represents the device's private key of the rth time sub-segment of the ith time segment, $b_{i-1,RN[i-1]}$ represents the device's private key of the last time sub-segment of the (i−1)th time segment, $b_{i,r} = b_{i-1,RN[i-1]} + \delta$, and $\delta$ is a third random parameter randomly selected from the preset value set;
  • a second generating unit, configured to: generate, when the time index value r is greater than 0, the update parameter according to a second parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, the device's private key of the (r−1)th time sub-segment of the ith time segment, and the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where
  • the second parameter generation formula is:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i,r-1} H_1(i, r-1)$, where
  • $b_{i,r-1}$ represents the device's private key of the (r−1)th time sub-segment of the ith time segment, and $b_{i,r} = b_{i,r-1} + \delta$.
  • In summary, the present application provides a key processing method and apparatus. A user equipment obtains an update parameter generated by a security device in an rth time sub-segment of an ith time segment; when r is 0, generates a user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and when r is greater than 0, generates the user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment. A user's private key of a 0th time sub-segment of a 0th time segment is generated by using a preset value set and data in a first cyclic group of bilinear mapping. A bit length of a user's private key generated by using bilinear mapping is short. In key updating, a private key can be updated by using a parameter of a time sub-segment previous to a current time sub-segment, without a need of increasing a key length, which is simple and highly efficient. In addition, the update and the generation of the private key are irrelevant to a life cycle of the key, and can be implemented only by using a time index value. Therefore, the life cycle of the key can be changed according to an actual application condition, which improves flexibility of updating the key.
  • BRIEF DESCRIPTION OF DRAWINGS
  • To describe the technical solutions in the embodiments of this application or in the prior art more clearly, the following briefly describes the accompanying drawings required for describing the embodiments or the prior art. Apparently, the accompanying drawings in the following description show merely some embodiments of this application, and a person of ordinary skill in the art may still derive other drawings from the provided accompanying drawings without creative efforts.
  • FIG. 1 is a flowchart of an embodiment of a key processing method according to an embodiment of the present application;
  • FIG. 2 is a flowchart of another embodiment of a key processing method according to an embodiment of the present application;
  • FIG. 3 is a flowchart of another embodiment of a key processing method according to an embodiment of the present application;
  • FIG. 4 is a schematic structural diagram of an embodiment of a key processing apparatus according to an embodiment of the present application;
  • FIG. 5 is a schematic structural diagram of an embodiment of a user equipment according to an embodiment of the present application;
  • FIG. 6 is a schematic structural diagram of another embodiment of a key processing apparatus according to an embodiment of the present application; and
  • FIG. 7 is a schematic structural diagram of an embodiment of a security device according to an embodiment of the present application.
  • DESCRIPTION OF EMBODIMENTS
  • The following clearly describes the technical solutions in the embodiments of this application with reference to the accompanying drawings in the embodiments of the present application. Apparently, the described embodiments are only a part rather than all of the embodiments of this application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without creative efforts shall fall within the protection scope of this application.
  • One of the main ideas of the embodiments of the present application includes: obtaining, by a user equipment, an update parameter generated by a security device in an rth time sub-segment of an ith time segment; generating, when r is 0, a user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and generating, when r is greater than 0, the user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment. A user's private key of a 0th time sub-segment of a 0th time segment is generated by using a preset value set and data in a first cyclic group of bilinear mapping. A bit length of a user's private key generated by using bilinear mapping is short. In key updating, a private key can be updated by using a parameter of a time sub-segment previous to a current time sub-segment, without a need of increasing a key length, which is simple and highly efficient. In addition, the update and the generation of the private key are irrelevant to a life cycle of the key, and can be implemented only by using a time index value. Therefore, the life cycle of the key can be changed according to an actual application condition, which improves flexibility of updating the key.
  • The following describes the technical solutions of the present application in detail with reference to the accompanying drawings.
  • FIG. 1 is a flowchart of an embodiment of a key processing method according to an embodiment of the present application. The method may include the following steps:
  • 101. A user equipment obtains a private key update message provided by a security device.
  • The private key update message includes an update parameter generated when the security device enters an rth time sub-segment of an ith time segment, where i and r are two time index values and both are integers greater than or equal to 0.
  • This embodiment of the present application is implemented by using an idea of an intrusion tolerance technology. A life cycle of a key is divided into multiple time segments, and each time segment is subdivided into multiple time sub-segments. By using the key processing solution provided in this embodiment of the present application, a private key of each time sub-segment of each time segment is updated.
  • Assuming that: when the life cycle of the key is divided into M time segments, a value of i is 0, 1, 2 . . . M−1; and
  • when each time segment is divided into N time sub-segments, a value of r is 0, 1, 2 . . . N−1.
  • This embodiment of the present application is primarily applied to an asymmetric key encryption solution, in which a public key is public, and a sender of a message uses the public key to encrypt the message; a private key is known to only a receiver of the message, and the receiver uses the private key to decrypt the encrypted message, thereby ensuring transmission security of the message. By updating the private key, security threat caused by leakage of the private key can be reduced.
  • The security device is a device used to assist implementation of update of the private key, and, in different actual application scenarios, may be applied to a message sending side. The security device generates an update parameter in every time sub-segment of every time segment to trigger update of the private key.
  • A user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group of bilinear mapping and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
  • The user's private key of the 0th time sub-segment of the 0th time segment refers to an initial user's private key. With increase of time, the initial user's private key needs to be updated to reduce harm caused by private key leakage to security. The initial user's private key is generated based on a first cyclic group of bilinear mapping. The key length generated by using bilinear mapping is fixed.
  • Arithmetic operations may be performed on the first random parameter and the key Hash value to obtain the initial user's private key.
  • 102. When r is 0, generate a user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment.
  • 103. When r is greater than 0, generate the user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment.
  • The private key update performed in the rth time sub-segment of the ith time segment may come in two scenarios depending on the value of r, and therefore, a user's private key of each time sub-segment is generated according to a user's private key of a previous time sub-segment. The previous time sub-segment, when r is 0, refers to the last time sub-segment of a previous time segment (the (i−1)th time segment); and, when r is greater than 0, refers to a previous time sub-segment (the (r−1)th time sub-segment) of a current time segment (the ith time segment).
  • By using the update parameter, the user's private key of the previous time sub-segment, and the time index value, the update of the user's private key of the rth time sub-segment of the ith time segment can be generated. Specifically, the user's private key may be obtained by using arithmetic operations.
  • In this embodiment, a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a preset value set and data in a first cyclic group of bilinear mapping; when an update parameter of a security device is received upon entry into an rth time sub-segment of an ith time segment, a user's private key of the rth time sub-segment of the ith time segment can be generated by using a user's private key of an (r−1)th time sub-segment of an ith time segment or a last time sub-segment of an (i−1)th time segment, the update parameter, and a time index value. The user's private key of the 0th time sub-segment of the 0th time segment is generated by using bilinear mapping. A bit length of a user's private key generated by using bilinear mapping is short, which simplifies calculation. In key updating, a private key can be updated by using a parameter of a time sub-segment previous to a current time sub-segment, which is simple and highly efficient. In addition, the update and the generation of the private key are irrelevant to a life cycle of the key, and can be implemented only by using a time index value. Therefore, the life cycle of the key can be changed according to an actual application condition, which improves flexibility of updating the key.
  • In addition, in another embodiment, each parameter and the corresponding operation may be chosen so that the generated user's private key of the rth time sub-segment of the ith time segment belongs to the preset value set or the first cyclic group.
  • A value included in the preset value set may be specifically a value that has a fixed bit length. Element data in the first cyclic group is also element data that has a fixed bit length. The user's private key of the rth time sub-segment of the ith time segment belongs to the preset value set or the first cyclic group, thereby preventing the bit length of the updated user's private key from increasing with increase of time, further reducing operation complexity, and improving update efficiency.
  • The first cyclic group may be generated in advance according to a security parameter $k$. Two qth-order cyclic groups, that is, a first cyclic group $G_1$ and a second cyclic group $G_2$, may be generated according to the security parameter $k$, so that the two qth-order cyclic groups satisfy bilinear mapping $e: G_1 \times G_1 \to G_2$, where the first cyclic group $G_1$ is a bilinear mapping cyclic group, $k$ is a natural number, $q$ is a prime number, and $k$ is specifically a bit length of $q$. A generator of the first cyclic group is p.
  • The preset value set may be specifically $Z_q^*$, where $Z_q^*$ refers to a remainder set that does not include a value 0 and is obtained by performing a modulo operation between an integer set $Z$ and $q$, that is, $Z_q = Z \bmod q$, where $Z_q^*$ is a value set that is in $Z_q$ and does not include the value 0. Because $q$ is a prime number, $Z_q^*$ can form a finite value range in which a value included has a finite bit length.
  • The key Hash value is the element data that belongs to the first cyclic group of bilinear mapping and is obtained by performing a Hash operation on the time index value (0, 0) of the 0th time sub-segment of the 0th time segment. That is, (0, 0) is mapped into the first cyclic group by using the Hash operation, that is, belongs to element data in the first cyclic group.
  • To further improve security, in another embodiment, the update parameter generated by the security device in the rth time sub-segment of the ith time segment may be generated by using a device's private key of the rth time sub-segment of the ith time segment. The user equipment already knows a device's public key of the security device, and therefore, according to the device's public key, identifies whether the received update parameter is sent by the security device, so as to prevent intrusion of an intruder.
  • The device's private key of the 0th time sub-segment of the 0th time segment is a second random parameter randomly selected from the preset value set; when r is 0, the device's private key of the rth time sub-segment of the ith time segment is generated according to a device's private key of the (r−1)th time sub-segment of the ith time segment and a third random parameter randomly selected from the preset value set; when r is greater than 0, the device's private key of the rth time sub-segment of the ith time segment is generated according to a device's private key of the last time sub-segment of the (i−1)th time segment and the third random parameter randomly selected from the preset value set. In this way, a device's private key of a current time sub-segment includes the third random parameter and a device's private key of a previous time sub-segment.
  • In this case, the user's private key of the 0th time sub-segment of the 0th time segment may be specifically generated by using the first random parameter, the device's private key of the 0th time sub-segment of the 0th time segment, and a Hash value.
  • To further improve security, a user's private key may consist of multiple private key parameters. Therefore, in another embodiment, the user's private key may include a first private key parameter and a second private key parameter, where the first private key parameter is primarily used to decrypt a ciphertext.
  • In this case, the update parameter generated by the security device may specifically include a first update parameter and a second update parameter.
  • The second update parameter may be specifically used to generate the third random parameter of a device's private key.
  • When r is 0, the first update parameter may be generated by the security device by using the device's private key of the rth time sub-segment of the ith time segment, the device's private key of the last time sub-segment of the (i−1)th time segment, and the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment.
  • In this case, the operations of step 102 may include:
  • generating a first private key parameter of the rth time sub-segment of the ith time segment by using the first update parameter and the second update parameter, a first private key parameter and a second private key parameter of the last time sub-segment of the (i−1)th time segment, and element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and
  • generating a second private key parameter of the rth time sub-segment of the ith time segment by using the second update parameter and the second private key parameter of the last time sub-segment of the (i−1)th time segment, so that the generated first private key parameter does not include the third random parameter and complexity of the private key is reduced.
  • When r is greater than 0, the first update parameter may be generated by the security device by using the device's private key of the rth time sub-segment of the ith time segment, the device's private key of the (r−1)th time sub-segment of the ith time segment, and the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment.
  • In this case, the operations of step 103 may include:
  • generating the first private key parameter of the rth time sub-segment of the ith time segment by using the first update parameter and the second update parameter, a first private key parameter and a second private key parameter of the (r−1)th time sub-segment of the ith time segment, and element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment; and
  • generating the second private key parameter of the rth time sub-segment of the ith time segment by using the second private key parameter of the (r−1)th time sub-segment of the ith time segment and the second update parameter, so that the generated first private key parameter does not include the third random parameter and complexity of the private key is reduced.
  • In order to cause the first private key parameter of the generated user's private key to belong to the first cyclic group of bilinear mapping, the element data that belongs to the first cyclic group may be obtained by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, or the element data that belongs to the first cyclic group may be obtained by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment. The obtained element data of the first cyclic group and other parameters, such as the first update parameter, the second update parameter, and the first private key parameter and the second private key parameter of a time sub-segment previous to the current time sub-segment, may then undergo calculation that satisfies a bilinear mapping nature, so that the first private key parameter belongs to the first cyclic group and hence has a fixed bit length which does not increase with increase of time.
  • A first private key parameter of the 0th time sub-segment of the 0th time segment may be specifically generated by using the first random parameter, the key Hash value, and the device's private key of the 0th time sub-segment of the 0th time segment of the security device, where a second private key parameter is specifically the first random parameter.
  • The first random parameter belongs to the preset value set. The second private key parameter of the rth time sub-segment of the ith time segment is generated by using the second private key parameter of the (r−1)th time sub-segment of the ith time segment and the second update parameter, so that the second private key parameter belongs to the preset value set. Therefore, convergence of a calculation result is ensured, the calculation result is simple, and a bit length of the second private key parameter is also ensured.
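The algebra of the update can be checked end to end with the following added example, which is not code from the patent: a toy model in which a G1 element aP is stored as the scalar a and e(aP, bP) = g^(ab) in a small prime-order subgroup, so it demonstrates correctness only and provides no security. The SKR, private key update, encryption and decryption formulas are the document's; the forms S = (u + b)·H1(i,r), P_pub = uP, PK_B = bP, σ = δ and u_{i,r} = u_prev − σ, the numeric parameters and all function names are assumptions made for the illustration.

```python
"""Toy model of the key-update algebra. Discrete logs are visible: no security."""
import hashlib
import secrets

Q = 1019       # prime order q of G1 and G2 (constructed toy value)
P_MOD = 2039   # prime with q | P_MOD - 1; G2 is the order-q subgroup of Z_p^*
G = 4          # generator of that subgroup
N_SUB = 3      # sub-segments per time segment, so RN[i-1] = N_SUB - 1


def rand_zq():
    """Random element of the preset value set Z_q^*."""
    return secrets.randbelow(Q - 1) + 1


def h1(i, r):
    """H1: time index (i, r) -> G1; the element aP is stored as the scalar a."""
    d = hashlib.sha256(f"H1|{i}|{r}".encode()).digest()
    return int.from_bytes(d, "big") % (Q - 1) + 1


def pairing(a, b):
    """Toy bilinear map e(aP, bP) = g^(ab)."""
    return pow(G, (a * b) % Q, P_MOD)


def h2(g2_elem, n):
    """H2: G2 element -> n-byte mask."""
    return hashlib.shake_256(str(g2_elem).encode()).digest(n)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def prev_index(i, r):
    """Previous sub-segment: (i, r-1), or (i-1, RN[i-1]) when r is 0."""
    return (i, r - 1) if r > 0 else (i - 1, N_SUB - 1)


def setup():
    u = rand_zq()  # first random parameter = second private key parameter
    b = rand_zq()  # second random parameter = device's private key b_{0,0}
    user = {"S": (u + b) * h1(0, 0) % Q, "u": u}  # assumed form of S_{0,0}
    pub = (u + b) % Q  # scalar of P_pub + PK_B (assumed P_pub = uP, PK_B = bP)
    return user, {"b": b}, pub


def device_update(device, i, r):
    """Security device: compute SKR_{i,r} and sigma, then advance b."""
    pi, pr = prev_index(i, r)
    delta = rand_zq()                      # third random parameter
    b_new = (device["b"] + delta) % Q      # b_{i,r} = b_prev + delta
    skr = (b_new * h1(i, r) - device["b"] * h1(pi, pr)) % Q
    device["b"] = b_new
    return skr, delta                      # assumption: sigma = delta


def user_update(user, i, r, skr, sigma):
    """User equipment: the document's private key update formula."""
    pi, pr = prev_index(i, r)
    s = (user["S"] + skr - sigma * h1(i, r)
         + user["u"] * (h1(i, r) - h1(pi, pr))) % Q
    # assumption: second private key parameter becomes u_prev - sigma
    return {"S": s, "u": (user["u"] - sigma) % Q}


def encrypt(pub, i, r, msg):
    x = rand_zq()                          # fourth random parameter
    mask = h2(pow(pairing(pub, h1(i, r)), x, P_MOD), len(msg))
    return x, xor(msg, mask), i, r         # (U = xP, V, i, r)


def decrypt(user, ct):
    U, V, _i, _r = ct
    return xor(V, h2(pairing(U, user["S"]), len(V)))


def run_lifecycle(segments=2, msg=b"constructed sample"):
    """Walk every sub-segment; return (i, r, decrypt_ok, invariant_ok) rows."""
    user, device, pub = setup()
    rows = []
    for i in range(segments):
        for r in range(N_SUB):
            if (i, r) != (0, 0):
                skr, sigma = device_update(device, i, r)
                user = user_update(user, i, r, skr, sigma)
            ok = decrypt(user, encrypt(pub, i, r, msg)) == msg
            inv = (user["u"] + device["b"]) % Q == pub
            rows.append((i, r, ok, inv))
    return rows


if __name__ == "__main__":
    for row in run_lifecycle():
        print(row)
```

In this model the sum of the user's second private key parameter and the device's private key stays equal to the public-key scalar in every sub-segment, which is why the fixed public key keeps working while both private halves change.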
  • The first private key parameter and the second private key parameter of the rth time sub-segment of the ith time segment may be specifically obtained, by calculation, according to a private key update formula. The private key update formula specifies a specific operation process of generating the user's private key of the current time sub-segment by using the update parameter, the time index values, and the user's private key of the previous time sub-segment. In a possible operation manner, FIG. 2 shows a flowchart of another embodiment of a key processing method according to an embodiment of the present application. The method may include the following steps:
  • 201. A user equipment obtains a qth-order first cyclic group $G_1$ and a qth-order second cyclic group $G_2$ that are generated according to a security parameter k, where the two qth-order cyclic groups satisfy bilinear mapping $e: G_1 \times G_1 \to G_2$.
  • q is a prime number, and k is a bit length of q.
  • 202. Obtain a private key update message provided by a security device.
  • The private key update message includes a first update parameter and a second update parameter that are generated when the security device enters an rth time sub-segment of an ith time segment.
  • i and r represent time index values and both are integers greater than or equal to 0.
  • 203. When r is 0, generate a user's private key of the rth time sub-segment of the ith time segment according to a private key update formula by using the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, a first private key parameter and a second private key parameter of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment.
  • The private key update formula may be:

  • $S_{i,r} = S_{i-1,RN[i-1]} + SKR_{i,r} - \sigma H_1(i,r) + u_{i-1,RN[i-1]}\,\bigl(H_1(i,r) - H_1(i-1,RN[i-1])\bigr)$; and

  • $u_{i,r} = u_{i-1,RN[i-1]} - \sigma$, where:
  • $S_{i,r}$ represents the first private key parameter of the rth time sub-segment of the ith time segment, $u_{i,r}$ represents the second private key parameter of the rth time sub-segment of the ith time segment, $S_{i-1,RN[i-1]}$ represents the first private key parameter of the last time sub-segment of the (i−1)th time segment; and $u_{i-1,RN[i-1]}$ represents the second private key parameter of the last time sub-segment of the (i−1)th time segment.
  • $SKR_{i,r}$ represents the first update parameter of the rth time sub-segment of the ith time segment, and σ represents the second update parameter of the rth time sub-segment of the ith time segment.
  • $RN[i-1]$ represents the time index value of the last time sub-segment of the (i−1)th time segment.
  • $H_1(i,r)$ represents element data that belongs to the first cyclic group and is obtained by performing a Hash operation on i and r, and $H_1(i-1,RN[i-1])$ represents element data that belongs to the first cyclic group and is obtained by performing a Hash operation on i−1 and RN[i−1].
  • 204. Generate the user's private key of the rth time sub-segment of the ith time segment according to a private key refresh formula by using the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, the time index value i, and a first private key parameter and a second private key parameter of an (r−1)th time sub-segment of the ith time segment.
  • The private key refresh formula is:

  • $S_{i,r} = S_{i,r-1} + SKR_{i,r} - \sigma H_1(i,r) + u_{i,r-1}\,\bigl(H_1(i,r) - H_1(i,r-1)\bigr)$; and

  • $u_{i,r} = u_{i,r-1} - \sigma$, where:
  • $H_1(i,r-1)$ represents element data that belongs to the first cyclic group and is obtained by performing a Hash operation on i and r−1.
  • The first update parameter and the second update parameter that are generated by the security device in the rth time sub-segment of the ith time segment may be specifically generated by using a device's private key of the rth time sub-segment of the ith time segment.
  • The device's private key of the rth time sub-segment of the ith time segment is generated by using a device's private key of the (r−1)th time sub-segment of the ith time segment or the last time sub-segment of the (i−1)th time segment, and a third random parameter randomly selected from the preset value set; and a device's private key of a 0th time sub-segment of a 0th time segment is a second random parameter randomly selected from the preset value set.
  • The second update parameter may be specifically the third random parameter.
  • In a possible implementation manner, when r is 0, the first update parameter may be specifically generated by the security device according to a first parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, a device's private key of the last time sub-segment of the (i−1)th time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment.
  • The first parameter generation formula may be:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i-1,RN[i-1]} H_1(i-1,RN[i-1])$, where:
  • $b_{i,r}$ represents the device's private key of the rth time sub-segment of the ith time segment, and $b_{i-1,RN[i-1]}$ represents the device's private key of the last time sub-segment of the (i−1)th time segment.
  • $b_{i,r} = b_{i-1,RN[i-1]} + \delta$, where δ is the third random parameter.
  • It may be learned from the foregoing description that, the third random parameter δ is the same as the second update parameter σ in this case.
  • When r is greater than 0, the first update parameter may be specifically generated by the security device according to a second parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, the device's private key of the (r−1)th time sub-segment of the ith time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment.
  • The second parameter generation formula is:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i,r-1} H_1(i,r-1)$; and

  • $b_{i,r} = b_{i,r-1} + \delta$, where:
  • $b_{i,r-1}$ represents the device's private key of the (r−1)th time sub-segment of the ith time segment.
  • In this embodiment, a user's private key of the 0th time sub-segment of the 0th time segment may be specifically generated according to a private key generation formula by using the first random parameter, the device's private key of the 0th time sub-segment of the 0th time segment, and the key Hash value.
  • The private key generation formula may be:

  • $S_{0,0} = u_{0,0} H_1(0,0) + b_{0,0} H_1(0,0)$, where:
  • $S_{0,0}$ represents a first private key parameter of the 0th time sub-segment of the 0th time segment, $u_{0,0}$ is the first random parameter, where the first random parameter is a second private key parameter of the 0th time sub-segment of the 0th time segment, $H_1(0,0)$ is a Hash value of the 0th time sub-segment of the 0th time segment, and $b_{0,0}$ is the device's private key of the 0th time sub-segment of the 0th time segment, that is, the second random parameter.
  • The user's private key is updated by using the first update parameter and the second update parameter that are generated according to the first parameter generation formula and the second parameter generation formula. With the generated user's private key, the first private key parameter does not include the third random parameter, which simplifies the generated user's private key. The second private key parameter belongs to the preset value set, which ensures convergence of a calculation result and reduces operation complexity.
  • 205. Receive a ciphertext generated by encrypting target data by using a user's public key and a target time index value.
  • The user's public key is generated according to a public key generation formula by using a generator of the first cyclic group, and the device's private key and the first private key parameter of the 0th time sub-segment of the 0th time segment, where the public key generation formula is:

  • $PK_B = b_{0,0} P$, $P_{pub} = u_{0,0} P$, where:
  • $PK_B$ is a first public key parameter, $P_{pub}$ is a second public key parameter, and P is the generator of the first cyclic group; and
  • therefore, the ciphertext is specifically obtained according to an encryption formula, where the encryption formula is:

  • $V = M \oplus H_2\bigl(e(P_{pub} + PK_B, H_1(i,r))^x\bigr)$; and

  • $U = xP$, where:
  • x is a fourth random parameter randomly selected from the preset value set, M is the target data, the ciphertext includes U, V, i, and r; and $H_2(e(P_{pub}+PK_B, H_1(i,r))^x)$ represents element data that belongs to the second cyclic group and is obtained by performing a Hash operation on $e(P_{pub}+PK_B, H_1(i,r))^x$. $e(P_{pub}+PK_B, H_1(i,r))^x$ represents element data that belongs to the first cyclic group and is obtained by performing bilinear mapping for $P_{pub}+PK_B$ and $H_1(i,r)$.
  • 206. Decrypt the ciphertext by using a user's private key corresponding to the target time index value, so as to obtain the target data.
  • When the ciphertext includes U, V, i, and r, the decrypting the ciphertext by using a user's private key corresponding to the time index value, so as to obtain the target data, is specifically: obtaining the target data according to a decryption formula by using the user's private key corresponding to the time index value.
  • The decryption formula may be:

  • $M = V \oplus H_2(e(U, S_{i,r}))$, where
  • $H_2(e(U,S_{i,r}))$ represents element data that belongs to the second cyclic group and is obtained by performing a Hash operation on $e(U,S_{i,r})$. $e(U,S_{i,r})$ represents element data that belongs to the second cyclic group and is obtained by performing bilinear mapping for U and $S_{i,r}$.
  • In this embodiment, on a precondition of ensuring security against key leakage, a user's private key of each time sub-segment, which is generated by using bilinear mapping, improves update efficiency and accomplishes applicability in different user equipments. In key updating, a private key can be updated by using a parameter of a time sub-segment previous to a current time sub-segment, which is simple and highly efficient. In addition, the update and the generation of the private key are irrelevant to a life cycle of the key, and can be implemented only by using a time index value. Therefore, the life cycle of the key can be changed according to an actual application condition, which improves flexibility of updating the key and is applicable to different application scenarios.
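Why decryption succeeds in every time sub-segment follows from the formulas above; the derivation below is an added worked step, not text from the patent. Suppose $S_{i,r-1} = (u_{i,r-1} + b_{i,r-1})\,H_1(i,r-1)$, which holds for $S_{0,0}$ by the private key generation formula. Substituting the second parameter generation formula into the private key refresh formula, with σ = δ, gives

$$
\begin{aligned}
S_{i,r} &= (u_{i,r-1} + b_{i,r-1})H_1(i,r-1) + b_{i,r}H_1(i,r) - b_{i,r-1}H_1(i,r-1) - \sigma H_1(i,r) + u_{i,r-1}\bigl(H_1(i,r) - H_1(i,r-1)\bigr) \\
        &= (b_{i,r} + u_{i,r-1} - \sigma)\,H_1(i,r) \\
        &= (u_{i,r} + b_{i,r})\,H_1(i,r), \\
u_{i,r} + b_{i,r} &= (u_{i,r-1} - \sigma) + (b_{i,r-1} + \delta) = u_{i,r-1} + b_{i,r-1}.
\end{aligned}
$$

The case r = 0 is identical with $(i-1, RN[i-1])$ in place of $(i, r-1)$. By induction $u_{i,r} + b_{i,r} = u_{0,0} + b_{0,0}$ for every time index, so the public key generated for the 0th time sub-segment of the 0th time segment stays valid, and

$$
e(U, S_{i,r}) = e\bigl(xP,\,(u_{0,0} + b_{0,0})H_1(i,r)\bigr) = e\bigl((u_{0,0} + b_{0,0})P,\,H_1(i,r)\bigr)^x = e(P_{pub} + PK_B,\,H_1(i,r))^x ,
$$

which is exactly the value hashed by $H_2$ in the encryption formula.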
  • In practical application of the foregoing embodiment, update of a user's private key is specifically performed by a user equipment, and a security device generates an update parameter to trigger the user equipment to update the user's private key. The security device is located on a message sending side, a public key may be generated on the message sending side, and an initial user's private key may be generated by the user equipment on the message sending side or a message receiving side. Key processing in this embodiment of the present application is applicable to different scenarios that require encryption of a transmitted message, for example, in a communications system or a financial system. The security device is located on the message sending side, so that the user equipment on the message receiving side can be triggered to perform automatic update of the user's private key, which reduces threat caused by key leakage to the system and is simple, efficient and highly flexible.
  • FIG. 3 is a flowchart of another embodiment of a key processing method according to an embodiment of the present application. The method may include the following steps:
  • 301. Generate a qth-order first cyclic group $G_1$ and a qth-order second cyclic group $G_2$ in advance according to a security parameter k.
  • The two qth-order cyclic groups satisfy bilinear mapping $e: G_1 \times G_1 \to G_2$, where q is a prime number, and k is a bit length of q.
  • 302. Randomly select a first random parameter and a second random parameter from a preset value set, and generate a user's private key, a user's public key, and a security device's private key that are of a 0th time sub-segment of a 0th time segment.
  • A user's private key of any one time sub-segment includes a first private key parameter and a second private key parameter, and a user's public key includes a first public key parameter and a second public key parameter.
  • Specifically, the first public key parameter and the second public key parameter may be generated by using a public key generation formula, and a first private key parameter of the 0th time sub-segment of the 0th time segment may be generated by using a private key generation formula, where a second private key parameter is specifically the first random parameter. The device's private key of the 0th time sub-segment of the 0th time segment is specifically the second random parameter.
  • The private key generation formula may be:

  • $S_{0,0} = u_{0,0} H_1(0,0) + b_{0,0} H_1(0,0)$.
  • The public key generation formula may be:

  • $PK_B = b_{0,0} P$, $P_{pub} = u_{0,0} P$.
  • The operations of steps 301 and 302 may be performed on the message sending side in advance.
  • 303. When entering an rth time sub-segment of an ith time segment, the security device generates an update parameter and sends an update message that carries the update parameter to a user equipment.
  • The update parameter includes a first update parameter and a second update parameter.
  • The second update parameter is a third random parameter randomly selected from a preset value set.
  • Specifically, when r is 0, the update parameter is generated according to a first parameter generation formula by using a device's private key of the rth time sub-segment of the ith time segment, a device's private key of the last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment.
  • The first parameter generation formula is:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i-1,RN[i-1]} H_1(i-1,RN[i-1])$, where:
  • $b_{i,r} = b_{i-1,RN[i-1]} + \delta$, and δ is the third random parameter.
  • When r is greater than 0, the update parameter is generated according to a second parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, a device's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment.
  • The second parameter generation formula is:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i,r-1} H_1(i,r-1)$, where:

  • $b_{i,r} = b_{i,r-1} + \delta$.
  • For detailed description of each parameter, reference may be made to the description in the foregoing embodiment, which is not repeatedly described herein.
  • 304. The user equipment obtains a first update parameter and a second update parameter of the rth time sub-segment of the ith time segment.
  • 305. When r is 0, generate a user's private key of the rth time sub-segment of the ith time segment according to a first private key update formula by using the first update parameter and the second update parameter that are generated by the security device, a first private key parameter and a second private key parameter of the last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment.
  • The first private key update formula may be:

  • $S_{i,r} = S_{i-1,RN[i-1]} + SKR_{i,r} - \sigma H_1(i,r) + u_{i-1,RN[i-1]}\,\bigl(H_1(i,r) - H_1(i-1,RN[i-1])\bigr)$; and

  • $u_{i,r} = u_{i-1,RN[i-1]} - \sigma$.
  • Because the second update parameter is the third random parameter, the parameter δ is the same as the parameter σ in this case.
  • 306. When r is greater than 0, generate the user's private key of the rth time sub-segment of the ith time segment according to a second private key update formula by using the first update parameter and the second update parameter that are generated by the security device, a first private key parameter and a second private key parameter of the (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment.
  • The second private key update formula may be:

  • $S_{i,r} = S_{i,r-1} + SKR_{i,r} - \sigma H_1(i,r) + u_{i,r-1}\,\bigl(H_1(i,r) - H_1(i,r-1)\bigr)$; and

  • $u_{i,r} = u_{i,r-1} - \sigma$.
  • 307. Receive a ciphertext generated by encrypting target data by using a user's public key and a target time index value.
  • 308. Decrypt the ciphertext by using a user's private key corresponding to the target time index value, so as to obtain the target data.
  • For operations of steps 307 to 308, refer to the description in steps 205 to 206 in the foregoing embodiment.
  • This embodiment implements simple and efficient key update, and is highly flexible and may be applicable to scenarios in which the life cycle of a key is of any length.
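The exchange in steps 301 to 308 can be run end to end in a toy model. This is an added example, not code from the patent: integers mod q stand in for both cyclic groups (so it has no security and only checks the algebra), and the class and function names, the hash constructions, and the consistency check inside `update` are assumptions made here. The two update formulas differ only in which previous time index they use, so the code keeps that index as state.

```python
import hashlib
import secrets

# Toy bilinear group, for checking the algebra only (no security: discrete
# logs are trivial here). G1 = (Z_q, +) with generator P = 1, so the "point"
# aP is stored as a mod q. G2 is written additively too: e(aP, bP) = ab mod q,
# and "raising to the power x" in G2 is multiplication by x.
Q = 2**127 - 1          # prime group order q (a Mersenne prime)
P = 1                   # generator of G1

def pair(a, b):         # e: G1 x G1 -> G2
    return a * b % Q

def h1(i, r):           # H1: time index (i, r) -> nonzero element of G1
    d = hashlib.sha256(f"H1|{i}|{r}".encode()).digest()
    return int.from_bytes(d, "big") % (Q - 1) + 1

def h2(t, n):           # H2: G2 element -> n-byte mask (n <= 32)
    return hashlib.sha256(f"H2|{t}".encode()).digest()[:n]

def rand_zq():          # random element of the preset value set Z_q^*
    return secrets.randbelow(Q - 1) + 1

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class SecurityDevice:
    """Holds b_{i,r}; emits (SKR_{i,r}, sigma) on entering each sub-segment."""
    def __init__(self):
        self.b, self.t = rand_zq(), (0, 0)      # b_{0,0}: second random parameter

    def enter(self, i, r):
        delta = rand_zq()                       # third random parameter
        b_new = (self.b + delta) % Q
        skr = (b_new * h1(i, r) - self.b * h1(*self.t)) % Q
        self.b, self.t = b_new, (i, r)
        return skr, delta                       # sigma is delta

class UserEquipment:
    """Holds (S_{i,r}, u_{i,r}) and the fixed public key (PK_B, P_pub)."""
    def __init__(self, b00):
        self.u = rand_zq()                      # u_{0,0}: first random parameter
        self.S = (self.u + b00) * h1(0, 0) % Q  # private key generation formula
        self.t = (0, 0)
        self.pk = (b00 * P % Q, self.u * P % Q) # (PK_B, P_pub)

    def update(self, i, r, skr, sigma):
        hp, hc = h1(*self.t), h1(i, r)
        S = (self.S + skr - sigma * hc + self.u * (hc - hp)) % Q
        # Added consistency check (not in the patent): the new key must satisfy
        # e(P, S_{i,r}) == e(P_pub + PK_B, H1(i,r)); otherwise keep the old key.
        if pair(P, S) != pair(sum(self.pk) % Q, hc):
            raise ValueError("update message inconsistent with public key")
        self.S, self.u, self.t = S, (self.u - sigma) % Q, (i, r)

    def decrypt(self, ct):
        U, V, i, r = ct
        if (i, r) != self.t:
            raise KeyError("no private key held for that time index")
        return xor(V, h2(pair(U, self.S), len(V)))

def encrypt(pk, i, r, msg):
    x = rand_zq()                               # fourth random parameter
    t = pair(sum(pk) % Q, h1(i, r)) * x % Q     # e(P_pub + PK_B, H1(i,r))^x
    return (x * P % Q, xor(msg, h2(t, len(msg))), i, r)

def demo():
    dev = SecurityDevice()
    ue = UserEquipment(dev.b)
    old_S = ue.S
    # Segment 0 has three sub-segments, so RN[0] = 2 and (1, 0) follows (0, 2).
    for i, r in [(0, 1), (0, 2), (1, 0), (1, 1)]:
        ue.update(i, r, *dev.enter(i, r))
    msg = b"rotate me"                          # constructed sample plaintext
    ct = encrypt(ue.pk, 1, 1, msg)
    ok = ue.decrypt(ct) == msg
    # The key of sub-segment (0, 0) must not open a ciphertext for (1, 1).
    stale = xor(ct[1], h2(pair(ct[0], old_S), len(msg))) == msg
    # A corrupted sigma is rejected and the stored key is left untouched,
    # so the genuine update message can still be applied afterwards.
    skr, sigma = dev.enter(1, 2)
    try:
        ue.update(1, 2, skr, (sigma + 1) % Q)
        rejected = False
    except ValueError:
        rejected = True
    ue.update(1, 2, skr, sigma)
    invariant = (ue.u + dev.b) * P % Q == sum(ue.pk) % Q
    return ok, stale, rejected, invariant, ue.t
```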
  • For ease of description, each of the foregoing method embodiments is described as a combination of a series of actions. However, a person skilled in the art should understand that the present application is not limited to the sequence of the described actions, because certain steps according to the present application may be performed in other sequences or concurrently. In addition, a person skilled in the art should also understand that the embodiments described herein are exemplary embodiments, and the involved actions and modules mentioned are not necessarily required by the present application.
  • FIG. 4 is a schematic structural diagram of an embodiment of a key processing apparatus according to an embodiment of the present application. This apparatus may include:
  • an obtaining unit 401, configured to obtain a private key update message provided by a security device, where the private key update message includes an update parameter generated when the security device enters an rth time sub-segment of an ith time segment, where i and r represent time index values and both are integers greater than or equal to 0;
  • a first updating unit 402, configured to: generate, when r is 0, a user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and
  • a second updating unit 403, configured to: generate, when r is greater than 0, the user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group of bilinear mapping and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
  • In this embodiment, a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a preset value set and data in a first cyclic group of bilinear mapping; when an update parameter of a security device is received upon entry into an rth time sub-segment of an ith time segment, a user's private key of the rth time sub-segment of the ith time segment can be generated by using a user's private key, the update parameter, and a time index value that are of an (r−1)th time sub-segment of an ith time segment or a last time sub-segment of an (i−1)th time segment. The user's private key of the 0th time sub-segment of the 0th time segment is generated by using the preset value set and the data in the first cyclic group of bilinear mapping. A bit length of a user's private key generated by using bilinear mapping is short, which simplifies calculation. In key updating, a private key can be updated by using a parameter of a time sub-segment previous to a current time sub-segment, which is simple and highly efficient. In addition, the update and the generation of the private key are irrelevant to a life cycle of the key, and can be implemented only by using a time index value. Therefore, the life cycle of the key can be changed according to an actual application condition, which improves flexibility of updating the key.
  • In another embodiment, the update parameter of the rth time sub-segment of the ith time segment is generated by the security device by using a device's private key of the rth time sub-segment of the ith time segment, where a device's private key of the 0th time sub-segment of the 0th time segment is a second random parameter randomly selected from the preset value set; and the device's private key of the rth time sub-segment of the ith time segment is generated by using a device's private key of the (r−1)th time sub-segment of the ith time segment or the last time sub-segment of the (i−1)th time segment, and a third random parameter randomly selected from the preset value set.
  • Therefore, the user's private key of the 0th time sub-segment of the 0th time segment is specifically generated by using the first random parameter, the device's private key of the 0th time sub-segment of the 0th time segment, and the key Hash value.
  • In still another embodiment, a user's private key includes a first private key parameter and a second private key parameter, and the update parameter includes a first update parameter and a second update parameter.
  • The first updating unit may be specifically configured to: obtain, when r is 0, element data by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, where the element data belongs to the first cyclic group; generate a first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the last time sub-segment of the (i−1)th time segment; and, generate a second private key parameter of the rth time sub-segment of the ith time segment by using the second update parameter generated when the security device enters the rth time sub-segment of the ith time segment and the second private key parameter of the last time sub-segment of the (i−1)th time segment.
  • The second updating unit may be specifically configured to: obtain, when r is greater than 0, the element data by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where the element data belongs to the first cyclic group; generate the first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the (r−1)th time sub-segment of the ith time segment; and generate the first private key parameter of the rth time sub-segment of the ith time segment by using the second private key parameter of the (r−1)th time sub-segment of the ith time segment and the second update parameter generated when the security device enters the rth time sub-segment of the ith time segment.
  • In yet another embodiment, the first updating unit may be specifically configured to: generate, when r is 0, the user's private key of the rth time sub-segment of the ith time segment according to a first private key update formula by using the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, the first private key parameter and the second private key parameter of the last time sub-segment of the (i−1)th time segment, and the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment.
  • The first private key update formula includes:

  • $S_{i,r} = S_{i-1,RN[i-1]} + SKR_{i,r} - \sigma H_1(i,r) + u_{i-1,RN[i-1]}\,\bigl(H_1(i,r) - H_1(i-1,RN[i-1])\bigr)$; and

  • $u_{i,r} = u_{i-1,RN[i-1]} - \sigma$.
  • The second updating unit may be specifically configured to: when r is greater than 0, generate the user's private key of the rth time sub-segment of the ith time segment according to a second private key update formula by using the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, the first private key parameter and the second private key parameter of the (r−1)th time sub-segment of the ith time segment, and the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment.
  • The second private key update formula is:

  • $S_{i,r} = S_{i,r-1} + SKR_{i,r} - \sigma H_1(i,r) + u_{i,r-1}\,\bigl(H_1(i,r) - H_1(i,r-1)\bigr)$; and

  • $u_{i,r} = u_{i,r-1} - \sigma$, where:
  • the user's private key of the 0th time sub-segment of the 0th time segment is specifically generated according to a key generation formula by using the first random parameter, the device's private key of the 0th time sub-segment of the 0th time segment, and a Hash value.
  • The key generation formula is:

  • $S_{0,0} = u_{0,0} H_1(0,0) + b_{0,0} H_1(0,0)$.
  • The second update parameter is the third random parameter.
  • When r is 0, the first update parameter is specifically generated by the security device according to a first parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, a device's private key of the last time sub-segment of the (i−1)th time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment.
  • The first parameter generation formula is:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i-1,RN[i-1]} H_1(i-1,RN[i-1])$, where:
  • $b_{i,r}$ represents the device's private key of the rth time sub-segment of the ith time segment, $b_{i-1,RN[i-1]}$ represents the device's private key of the last time sub-segment of the (i−1)th time segment, $b_{i,r} = b_{i-1,RN[i-1]} + \delta$, and δ is the third random parameter.
  • When r is greater than 0, the first update parameter is specifically generated by the security device according to a second parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, a device's private key of the (r−1)th time sub-segment of the ith time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment.
  • The second parameter generation formula is:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i,r-1} H_1(i,r-1)$, where:
  • $b_{i,r-1}$ represents the device's private key of the (r−1)th time sub-segment of the ith time segment, and $b_{i,r} = b_{i,r-1} + \delta$.
  • In still another embodiment, the apparatus may further include:
  • a cyclic group generating unit 404, configured to generate a qth-order first cyclic group $G_1$ and a qth-order second cyclic group $G_2$ according to a security parameter k, so that the two qth-order cyclic groups satisfy bilinear mapping $e: G_1 \times G_1 \to G_2$, where q is a prime number, and k is a bit length of q, where:
  • the preset value set is $Z_q^*$, where $Z_q^*$ represents a remainder set that does not include a value 0 and is obtained by performing a modulo operation between an integer set Z and q; and
  • a decrypting unit 405, configured to: decrypt, when a ciphertext obtained by encrypting target data by using a public key and a target time index value is received, the ciphertext by using a user's private key corresponding to the target time index value, so as to obtain the target data, where:
  • the public key may be generated according to a public key generation formula by using a generator of the first cyclic group, and the device's private key and the first private key parameter of the 0th time sub-segment of the 0th time segment, where the public key generation formula is:

  • $PK_B = b_{0,0} P$, $P_{pub} = u_{0,0} P$, where:
  • $PK_B$ is a first public key parameter, $P_{pub}$ is a second public key parameter, and P is the generator of the first cyclic group.
  • The ciphertext is specifically obtained according to an encryption algorithm, where the encryption formula is:

  • $V = M \oplus H_2\bigl(e(P_{pub} + PK_B, H_1(i,r))^x\bigr)$; and

  • $U = xP$, where:
  • x is a fourth random parameter randomly selected from the preset value set, M is the target data, the ciphertext includes U, V, i, and r; and $H_2(e(P_{pub}+PK_B, H_1(i,r))^x)$ represents element data that belongs to the second cyclic group and is obtained by performing a Hash operation on $e(P_{pub}+PK_B, H_1(i,r))^x$.
  • Therefore, the decrypting unit may be specifically configured to obtain the target data according to a decryption formula by using a user's private key corresponding to the time index value, where the decryption formula is:

  • $M = V \oplus H_2(e(U, S_{i,r}))$.
  • The key processing apparatus in the foregoing embodiment may be integrated into a user equipment in practical application, where the user equipment may be a radio communications device, for example, a mobile device such as a mobile phone or a tablet computer. A user equipment equipped with the key processing apparatus of this embodiment of the present application can update a private key simply and efficiently, and ensure the security of the cryptosystem.
  • It may be learned from the foregoing description that, a person skilled in the art may clearly understand that the present application may be implemented by using software in addition to a necessary universal hardware platform. Therefore, referring to FIG. 5, an embodiment of the present application further provides a user equipment. The user equipment may include at least a processor 501, and a memory 502 and a receiver 503 that are connected to the processor 501 separately by using a bus.
  • The memory 502 stores a group of program instructions, and this memory may be a high-speed RAM memory and may also be a non-volatile memory, such as at least one disk memory.
  • The processor 501 is configured to invoke the program instructions stored in the memory 502 to execute the following operations:
  • triggering the receiver 503 to obtain a private key update message provided by a security device, where the private key update message includes an update parameter generated when the security device enters an rth time sub-segment of an ith time segment, where i and r represent time index values and both are integers greater than or equal to 0;
  • generating, when r is 0, a user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and
  • generating, when r is greater than 0, the user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group of bilinear mapping and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
  • FIG. 6 is a schematic structural diagram of another embodiment of a key processing apparatus according to an embodiment of the present application. This apparatus may include:
  • an update parameter generating unit, configured to: generate an update parameter upon entry into an rth time sub-segment of an ith time segment, and send the update parameter to a user equipment, where the update parameter is used to instruct the user equipment to: when r is 0, generate a user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and, when r is greater than 0, generate the user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
  • The update parameter of the rth time sub-segment of the ith time segment may be specifically generated by the security device by using a device's private key of the rth time sub-segment of the ith time segment, where a device's private key of the 0th time sub-segment of the 0th time segment is a second random parameter randomly selected from the preset value set; and the device's private key of the rth time sub-segment of the ith time segment is generated by using a device's private key of the (r−1)th time sub-segment of the ith time segment or the last time sub-segment of the (i−1)th time segment, and a third random parameter randomly selected from the preset value set.
  • In a possible implementation manner, the update parameter may specifically include a first update parameter and a second update parameter, and a user's private key includes a first private key parameter and a second private key parameter. Therefore, the update parameter generating unit 601 may include:
  • a first generating unit 6011, configured to: generate, when r is 0, the update parameter according to a first parameter generation formula by using a device's private key of the rth time sub-segment of the ith time segment, a device's private key of the last time sub-segment of the (i−1)th time segment, and the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, where: the first parameter generation formula is:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i-1,RN[i-1]} H_1(i-1, RN[i-1])$, where:
  • $b_{i,r}$ represents the device's private key of the rth time sub-segment of the ith time segment, $b_{i-1,RN[i-1]}$ represents the device's private key of the last time sub-segment of the (i−1)th time segment, $b_{i,r} = b_{i-1,RN[i-1]} + \delta$, and $\delta$ is a third random parameter randomly selected from the preset value set; and
  • a second generating unit 6012, configured to: generate, when the time index value r is greater than 0, the update parameter according to a second parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, the device's private key of the (r−1)th time sub-segment of the ith time segment, and the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • the second parameter generation formula is:

  • $SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i,r-1} H_1(i, r-1)$, where:
  • $b_{i,r-1}$ represents the device's private key of the (r−1)th time sub-segment of the ith time segment, and $b_{i,r} = b_{i,r-1} + \delta$.
  • The first update parameter and the second update parameter may be specifically used to trigger the user equipment to: when r is 0, generate the user's private key of the rth time sub-segment of the ith time segment according to a first private key update formula by using the first update parameter and the second update parameter, the first private key parameter and the second private key parameter of the last time sub-segment of the (i−1)th time segment, and the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, where:
  • the first private key update formula includes:

  • $S_{i,r} = S_{i-1,RN[i-1]} + SKR_{i,r} - \sigma H_1(i,r) + u_{i-1,RN[i-1]} (H_1(i,r) - H_1(i-1, RN[i-1]))$; and

  • $u_{i,r} = u_{i-1,RN[i-1]} - \sigma$; and
  • when r is greater than 0, generate the user's private key of the rth time sub-segment of the ith time segment according to a second private key update formula by using the first update parameter and the second update parameter, the first private key parameter and the second private key parameter of the (r−1)th time sub-segment of the ith time segment, and the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • the second private key update formula is:

  • $S_{i,r} = S_{i,r-1} + SKR_{i,r} - \sigma H_1(i,r) + u_{i,r-1} (H_1(i,r) - H_1(i, r-1))$;

  • $u_{i,r} = u_{i,r-1} - \sigma$, where:
  • the user's private key of the 0th time sub-segment of the 0th time segment is specifically generated according to a key generation formula by using the first random parameter, the device's private key of the 0th time sub-segment of the 0th time segment, and the key Hash value, where:
  • the key generation formula is:

  • $S_{0,0} = u_{0,0} H_1(0,0) + b_{0,0} H_1(0,0)$, where:
  • σ is the same as δ.
  • In this embodiment, by using an update parameter of an rth time sub-segment of an ith time segment, a user equipment is triggered to update a user's private key, which makes key update simple, efficient, and highly flexible.
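The update formulas above can be exercised end to end in a toy model. The following Python sketch is an added example, not code from the patent: it replaces the bilinear groups with integers modulo a prime and writes G2 additively (an insecure assumption made only so the algebra runs), and it takes the encryption and decryption formulas from claim 8. The names `SecurityDevice`, `UserEquipment`, `next_index` and `setup`, the constructed `RN` table, and the in-order check in `apply_update` are assumptions of the sketch.

```python
import hashlib
import secrets

# Toy stand-in for the pairing groups (assumption, NOT secure): the G1 element
# a*P is stored as the integer a mod Q, and e(a*P, b*P) is a*b mod Q with G2
# written additively, so the page's e(.)^x becomes x * e(.) mod Q.
Q = 2**127 - 1   # prime order q of both groups
P = 1            # generator of G1 in this representation

def rand_zq():
    """Random element of Z*_q, the 'preset value set'."""
    return secrets.randbelow(Q - 1) + 1

def H1(i, r):
    """Hash a time index (i, r) to a non-zero G1 element."""
    d = hashlib.sha256(f"H1|{i}|{r}".encode()).digest()
    return int.from_bytes(d, "big") % (Q - 1) + 1

def H2(t):
    """Hash a G2 element to a 32-byte mask."""
    return hashlib.sha256(f"H2|{t}".encode()).digest()

def pair(a, b):
    return (a * b) % Q

def next_index(i, r, RN):
    """Index that follows (i, r); RN[i] is the last sub-segment of segment i."""
    return (i, r + 1) if r < RN[i] else (i + 1, 0)

class SecurityDevice:
    def __init__(self):
        self.b = rand_zq()              # b_{0,0}: second random parameter
        self.idx = (0, 0)

    def update_message(self, RN):
        """Enter the next sub-segment; return (i, r, SKR_{i,r}, sigma)."""
        prev, b_prev = self.idx, self.b
        delta = rand_zq()               # third random parameter
        self.idx = next_index(*prev, RN)
        self.b = (b_prev + delta) % Q   # b_{i,r} = b_prev + delta
        skr = (self.b * H1(*self.idx) - b_prev * H1(*prev)) % Q
        return (*self.idx, skr, delta)  # sigma is the same as delta

class UserEquipment:
    def __init__(self, b00):
        self.u = rand_zq()              # u_{0,0}: first random parameter
        # S_{0,0} = u_{0,0} H1(0,0) + b_{0,0} H1(0,0); who runs this setup step
        # is outside the sketch.
        self.S = (self.u * H1(0, 0) + b00 * H1(0, 0)) % Q
        self.idx = (0, 0)

    def apply_update(self, i, r, skr, sigma, RN):
        # Added check: a replayed or skipped update would desynchronise u and S.
        if (i, r) != next_index(*self.idx, RN):
            raise ValueError("update is not for the next sub-segment")
        h_new, h_old = H1(i, r), H1(*self.idx)
        # One formula covers r == 0 and r > 0: only the previous index differs.
        self.S = (self.S + skr - sigma * h_new + self.u * (h_new - h_old)) % Q
        self.u = (self.u - sigma) % Q
        self.idx = (i, r)

def setup():
    dev = SecurityDevice()
    ue = UserEquipment(dev.b)
    return dev, ue, dev.b * P % Q, ue.u * P % Q   # PK_B = b00*P, P_pub = u00*P

def xor_mask(data, mask):
    if len(data) > len(mask):
        raise ValueError("message longer than the H2 output")
    return bytes(d ^ m for d, m in zip(data, mask))

def encrypt(M, pk_b, p_pub, i, r):
    x = rand_zq()                       # fourth random parameter
    t = x * pair((p_pub + pk_b) % Q, H1(i, r)) % Q   # e(P_pub + PK_B, H1)^x
    return (x * P % Q, xor_mask(M, H2(t)), i, r)     # (U, V, i, r)

def decrypt(ct, S):
    U, V, _i, _r = ct
    return xor_mask(V, H2(pair(U, S)))  # M = V xor H2(e(U, S_{i,r}))

def demo():
    RN = [1, 2]   # constructed: segment 0 has sub-segments 0..1, segment 1 has 0..2
    dev, ue, pk_b, p_pub = setup()
    msg = b"constructed sample message"
    rows, stale_S = [], ue.S
    for _ in range(4):                  # (0,1), (1,0), (1,1), (1,2)
        upd = dev.update_message(RN)
        ue.apply_update(*upd, RN)
        ct = encrypt(msg, pk_b, p_pub, upd[0], upd[1])
        rows.append((ue.idx, decrypt(ct, ue.S) == msg, decrypt(ct, stale_S) == msg))
        stale_S = ue.S
    return rows

if __name__ == "__main__":
    for idx, current_ok, stale_ok in demo():
        print(idx, "current key decrypts:", current_ok, "| previous key decrypts:", stale_ok)
```

Because b grows by δ while u shrinks by σ = δ, the sum u + b never changes, so S_{i,r} always equals (u_{0,0} + b_{0,0})·H_1(i,r) and the fixed public key pair keeps matching a private key that changes every sub-segment.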
  • In practical application, the key processing apparatus in the foregoing embodiment may be integrated into a security device. This security device may be applicable to a service system that requires a cryptosystem, such as a service system of a mobile operator, a public security system, a financial system, and the like, so that an update parameter may be generated in each time sub-segment of different time segments, and a user equipment is triggered to update a key, so that an operation of updating the key is simple, efficient, and highly flexible.
  • It may be learned from the foregoing description that, a person skilled in the art may clearly understand that the present application may be implemented by using software in addition to a necessary universal hardware platform. Therefore, referring to FIG. 7, an embodiment of the present application further provides a security device. The security device includes at least a processor 701, and a memory 702 and a sender 703 that are connected to the processor 701 separately by using a bus.
  • The memory 702 stores a group of program instructions, and this memory may be a high-speed RAM memory or a non-volatile memory, such as at least one disk memory.
  • The processor 701 is configured to invoke the program instructions stored in the memory 702 to execute the following operations:
  • upon entry into an rth time sub-segment of an ith time segment, generating an update parameter and triggering the sender 703 to send an update message that carries the update parameter to a user equipment, where the update message is used to instruct the user equipment to: when r is 0, generate a user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and, when r is greater than 0, generate the user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, where:
  • a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, where the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
  • The processor may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement this embodiment of the present invention.
  • The embodiments of the present specification are described in a progressive manner. The focus of each embodiment is placed on a difference from other embodiments. The same or similar parts of the embodiments can be referenced mutually. The apparatus disclosed in the embodiments is described relatively simply because it corresponds to the method disclosed in the embodiments, and for portions related to those of the method, reference may be made to the description of the method.
  • Finally, it should be noted that in this specification, relational terms such as first and second are used only to differentiate an entity or operation from another entity or operation, and do not necessarily require or imply that any actual relationship or sequence exists between these entities or operations. Moreover, the terms “include”, “comprise”, or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, a method, an article, or an apparatus that includes a series of elements not only includes those elements but may also include other elements which are not expressly listed, or also include elements inherent to such process, method, article, or apparatus. Without being subject to further limitations, an element defined by a phrase “including a . . . ” does not exclude presence of other identical elements in the process, method, article, or device that includes the very element.
  • For ease of description, the foregoing apparatus is described by dividing the functions into various units. Of course, when the present application is implemented, the functions of each unit may be implemented in one or more pieces of software and/or hardware.
  • It may be learned from description of the foregoing implementation manners that, a person skilled in the art may clearly understand that the present application may be implemented by using software in addition to a necessary universal hardware platform. Based on such an understanding, the technical solutions of the present application essentially or the part contributing to the prior art may be implemented in a form of a software product. The software product may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, or an optical disc, and includes several instructions for instructing a computer device (which may be a personal computer, a server, or a network device) to perform the methods described in the embodiments or in some parts of the embodiments of the present application.
  • The embodiments disclosed above are described to enable a person skilled in the art to implement or use the present application. Various modifications made to the embodiments will be obvious to a person skilled in the art, and the general principles defined herein may also be implemented in other embodiments without departing from the spirit or scope of the present application. Therefore, the present application is not intended to be limited to these embodiments illustrated herein, but shall be construed in the widest scope consistent with the principles and novel features disclosed herein.

Claims (17)

What is claimed is:
1. A key processing method, comprising:
obtaining, by a user equipment, a private key update message provided by a security device, wherein the private key update message comprises an update parameter generated when the security device enters an rth time sub-segment of an ith time segment, wherein i and r represent time index values and both are integers greater than or equal to 0;
generating, when r is 0, a user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and
generating, when r is greater than 0, the user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, wherein:
a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, wherein the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group of bilinear mapping and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
2. The method according to claim 1, wherein the update parameter of the rth time sub-segment of the ith time segment is generated by the security device by using a device's private key of the rth time sub-segment of the ith time segment, wherein a device's private key of the 0th time sub-segment of the 0th time segment is a second random parameter randomly selected from the preset value set;
the device's private key of the rth time sub-segment of the ith time segment is generated by using a device's private key of the (r−1)th time sub-segment of the ith time segment or the last time sub-segment of the (i−1)th time segment, and a third random parameter randomly selected from the preset value set; and
therefore, the user's private key of the 0th time sub-segment of the 0th time segment is specifically generated by using the first random parameter, the device's private key of the 0th time sub-segment of the 0th time segment, and the key Hash value.
3. The method according to claim 1, wherein a user's private key comprises a first private key parameter and a second private key parameter, and the update parameter comprises a first update parameter and a second update parameter;
the generating, when r is 0, a user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, comprises:
obtaining, when r is 0, element data by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, wherein the element data belongs to the first cyclic group; generating a first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the last time sub-segment of the (i−1)th time segment; and
generating a second private key parameter of the rth time sub-segment of the ith time segment by using the second update parameter generated when the security device enters the rth time sub-segment of the ith time segment and the second private key parameter of the last time sub-segment of the (i−1)th time segment; and
the generating, when r is greater than 0, the user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, comprises:
obtaining, when r is greater than 0, the element data by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, wherein the element data belongs to the first cyclic group; generating the first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the (r−1)th time sub-segment of the ith time segment; and
generating the second private key parameter of the rth time sub-segment of the ith time segment by using the second private key parameter of the (r−1)th time sub-segment of the ith time segment and the second update parameter generated when the security device enters the rth time sub-segment of the ith time segment.
4. The method according to claim 3, wherein: the obtaining, when r is 0, element data by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, wherein the element data belongs to the first cyclic group; generating a first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the last time sub-segment of the (i−1)th time segment; and
generating a second private key parameter of the rth time sub-segment of the ith time segment by using the second private key parameter of the last time sub-segment of the (i−1)th time segment and the second update parameter generated when the security device enters the rth time sub-segment of the ith time segment, comprises:
generating, when r is 0, the user's private key of the rth time sub-segment of the ith time segment according to a private key update formula by using the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, the first private key parameter and the second private key parameter of the last time sub-segment of the (i−1)th time segment, and the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, wherein:
the private key update formula comprises:

$S_{i,r} = S_{i-1,RN[i-1]} + SKR_{i,r} - \sigma H_1(i,r) + u_{i-1,RN[i-1]} (H_1(i,r) - H_1(i-1, RN[i-1]))$; and

$u_{i,r} = u_{i-1,RN[i-1]} - \sigma$, wherein:
$S_{i,r}$ represents the first private key parameter of the rth time sub-segment of the ith time segment, and $u_{i,r}$ represents the second private key parameter of the rth time sub-segment of the ith time segment;
$SKR_{i,r}$ represents the first update parameter of the rth time sub-segment of the ith time segment, and $\sigma$ represents the second update parameter of the rth time sub-segment of the ith time segment;
RN[i−1] represents the time index value of the last time sub-segment of the (i−1)th time segment;
$H_1(i,r)$ represents the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values i and r, and $H_1(i-1, RN[i-1])$ represents the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values i−1 and RN[i−1];
the obtaining, when r is greater than 0, the element data by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, wherein the element data belongs to the first cyclic group; generating the first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the (r−1)th time sub-segment of the ith time segment; and
generating the second private key parameter of the rth time sub-segment of the ith time segment by using the second private key parameter of the (r−1)th time sub-segment of the ith time segment and the second update parameter, comprises:
generating, when r is greater than 0, the user's private key of the rth time sub-segment of the ith time segment according to a private key refresh formula by using the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, the first private key parameter and the second private key parameter of the (r−1)th time sub-segment of the ith time segment, and the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, wherein:
the private key refresh formula comprises:

$S_{i,r} = S_{i,r-1} + SKR_{i,r} - \sigma H_1(i,r) + u_{i,r-1} (H_1(i,r) - H_1(i, r-1))$; and

$u_{i,r} = u_{i,r-1} - \sigma$, wherein:
$H_1(i, r-1)$ represents the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values i and r−1; and
the user's private key of the 0th time sub-segment of the 0th time segment is specifically generated according to a key generation formula by using the first random parameter, the device's private key of the 0th time sub-segment of the 0th time segment, and the key Hash value, wherein:
the key generation formula is:

$S_{0,0} = u_{0,0} H_1(0,0) + b_{0,0} H_1(0,0)$, wherein:
$S_{0,0}$ represents a first private key parameter of the 0th time sub-segment of the 0th time segment, $u_{0,0}$ is the first random parameter, wherein the first random parameter is a second private key parameter of the 0th time sub-segment of the 0th time segment, $H_1(0,0)$ is a Hash value of the 0th time sub-segment of the 0th time segment, and $b_{0,0}$ is the device's private key of the 0th time sub-segment of the 0th time segment.
5. The method according to claim 3, wherein the second update parameter is the third random parameter;
when r is 0, the first update parameter is specifically generated by the security device according to a first parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, the device's private key of the last time sub-segment of the (i−1)th time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, wherein:
the first parameter generation formula is:

$SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i-1,RN[i-1]} H_1(i-1, RN[i-1])$, wherein:
$b_{i,r}$ represents the device's private key of the rth time sub-segment of the ith time segment, $b_{i-1,RN[i-1]}$ represents the device's private key of the last time sub-segment of the (i−1)th time segment, $b_{i,r} = b_{i-1,RN[i-1]} + \delta$, and $\delta$ is the third random parameter; and
when r is greater than 0, the first update parameter is specifically generated by the security device according to a second parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, the device's private key of the (r−1)th time sub-segment of the ith time segment, and the element data that belongs to the first cyclic group and is obtained by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, wherein:
the second parameter generation formula is:

$SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i,r-1} H_1(i, r-1)$, wherein:
$b_{i,r-1}$ represents the device's private key of the (r−1)th time sub-segment of the ith time segment, and $b_{i,r} = b_{i,r-1} + \delta$.
6. The method according to claim 1, wherein before the obtaining a private key update message provided by a security device, the method further comprises:
obtaining a qth-order first cyclic group $G_1$ and a qth-order second cyclic group $G_2$ that are generated according to a security parameter k, wherein the two qth-order cyclic groups satisfy bilinear mapping $e: G_1 \times G_1 \to G_2$, wherein q is a prime number, and k is a bit length of q, wherein:
the preset value set is $Z_q^*$, wherein $Z_q^*$ represents a remainder set that does not comprise a value 0 and is obtained by performing a modulo operation between an integer set Z and q.
7. The method according to claim 1, wherein the method further comprises:
decrypting, when a ciphertext obtained by encrypting target data by using a user's public key and a target time index value is received, the ciphertext by using a user's private key corresponding to the target time index value, so as to obtain the target data.
8. The method according to claim 7, wherein the user's public key is generated according to a public key generation formula by using a generator of the first cyclic group, and the device's private key and the first private key parameter of the 0th time sub-segment of the 0th time segment, wherein the public key generation formula is:

$PK_B = b_{0,0} P$, $P_{pub} = u_{0,0} P$, wherein:
$PK_B$ is a first public key parameter, $P_{pub}$ is a second public key parameter, and P is the generator of the first cyclic group;
therefore, the ciphertext is specifically obtained according to an encryption formula, wherein the encryption formula is:

$V = M \oplus H_2(e(P_{pub} + PK_B, H_1(i,r))^x)$; and

$U = xP$, wherein:
x is a fourth random parameter randomly selected from the preset value set, M is the target data, the ciphertext comprises U, V, i, and r; and $H_2(e(P_{pub} + PK_B, H_1(i,r))^x)$ represents element data that belongs to the second cyclic group and is obtained by performing a Hash operation on $e(P_{pub} + PK_B, H_1(i,r))^x$;
therefore, the decrypting the ciphertext by using a user's private key corresponding to the time index value, so as to obtain the target data, is specifically: obtaining the target data according to a decryption formula by using the user's private key corresponding to the time index value, wherein the decryption formula is:

$M = V \oplus H_2(e(U, S_{i,r}))$, wherein:
$H_2(e(U, S_{i,r}))$ represents the element data that belongs to the second cyclic group and is obtained by performing a Hash operation on $e(U, S_{i,r})$.
9. A key processing method, comprising:
generating an update parameter when a security device enters an rth time sub-segment of an ith time segment, and sending an update message that carries the update parameter to a user equipment, wherein the update message is used to instruct the user equipment to: when r is 0, generate a user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and, when r is greater than 0, generate the user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, wherein:
a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, wherein the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
10. The method according to claim 9, wherein the update parameter comprises a first update parameter and a second update parameter, and a user's private key comprises a first private key parameter and a second private key parameter, and
therefore, the generating an update parameter when a security device enters an rth time sub-segment of an ith time segment comprises:
generating, when r is 0, the update parameter according to a first parameter generation formula by using a device's private key of the rth time sub-segment of the ith time segment, a device's private key of the last time sub-segment of the (i−1)th time segment, and the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, wherein:
the first parameter generation formula is:

$SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i-1,RN[i-1]} H_1(i-1, RN[i-1])$, wherein:
$b_{i,r}$ represents the device's private key of the rth time sub-segment of the ith time segment, $b_{i-1,RN[i-1]}$ represents the device's private key of the last time sub-segment of the (i−1)th time segment, $b_{i,r} = b_{i-1,RN[i-1]} + \delta$, and $\delta$ is a third random parameter randomly selected from the preset value set; and
generating, when r is greater than 0, the update parameter according to a second parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, the device's private key of the (r−1)th time sub-segment of the ith time segment, and the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, wherein:
the second parameter generation formula is:

$SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i,r-1} H_1(i, r-1)$, wherein:
$b_{i,r-1}$ represents the device's private key of the (r−1)th time sub-segment of the ith time segment, and $b_{i,r} = b_{i,r-1} + \delta$.
11. A key processing apparatus, comprising:
an obtaining unit, configured to obtain a private key update message provided by a security device, wherein the private key update message comprises an update parameter generated when the security device enters an rth time sub-segment of an ith time segment, wherein i and r represent time index values and both are integers greater than or equal to 0;
a first updating unit, configured to: generate, when r is 0, a user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and
a second updating unit, configured to: generate, when r is greater than 0, the user's private key of the rth time sub-segment of the ith time segment by using the update parameter generated when the security device enters the rth time sub-segment of the ith time segment, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, wherein:
a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, wherein the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group of bilinear mapping and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
12. The apparatus according to claim 11, wherein the update parameter of the rth time sub-segment of the ith time segment is generated by the security device by using a device's private key of the rth time sub-segment of the ith time segment, wherein a device's private key of the 0th time sub-segment of the 0th time segment is a second random parameter randomly selected from the preset value set; and the device's private key of the rth time sub-segment of the ith time segment is generated by using a device's private key of the (r−1)th time sub-segment of the ith time segment or the last time sub-segment of the (i−1)th time segment, and a third random parameter randomly selected from the preset value set; and
therefore, the user's private key of the 0th time sub-segment of the 0th time segment is specifically generated by using the first random parameter, the device's private key of the 0th time sub-segment of the 0th time segment, and the key Hash value.
13. The apparatus according to claim 11, wherein a user's private key comprises a first private key parameter and a second private key parameter, and the update parameter comprises a first update parameter and a second update parameter;
the first updating unit is specifically configured to: obtain, when r is 0, element data by performing a Hash operation on the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, wherein the element data belongs to the first cyclic group; generate a first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the last time sub-segment of the (i−1)th time segment; and, generate a second private key parameter of the rth time sub-segment of the ith time segment by using the second update parameter generated when the security device enters the rth time sub-segment of the ith time segment and the second private key parameter of the last time sub-segment of the (i−1)th time segment; and
the second updating unit is specifically configured to: obtain, when r is greater than 0, the element data by performing a Hash operation on the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, wherein the element data belongs to the first cyclic group; generate the first private key parameter of the rth time sub-segment of the ith time segment by using the element data, the first update parameter and the second update parameter that are generated when the security device enters the rth time sub-segment of the ith time segment, and a first private key parameter and a second private key parameter of the (r−1)th time sub-segment of the ith time segment; and generate the second private key parameter of the rth time sub-segment of the ith time segment by using the second private key parameter of the (r−1)th time sub-segment of the ith time segment and the second update parameter generated when the security device enters the rth time sub-segment of the ith time segment.
14. The apparatus according to claim 11, further comprising:
a cyclic group generating unit, configured to generate a qth-order first cyclic group $G_1$ and a qth-order second cyclic group $G_2$ according to a security parameter k, so that the two qth-order cyclic groups satisfy bilinear mapping $e: G_1 \times G_1 \to G_2$, wherein q is a prime number, and k is a bit length of q, wherein
the preset value set is $Z_q^*$, wherein $Z_q^*$ represents a remainder set that does not comprise a value 0 and is obtained by performing a modulo operation between an integer set Z and q.
15. The apparatus according to claim 14, further comprising:
a decrypting unit, configured to: decrypt, when a ciphertext obtained by encrypting target data by using a public key and a target time index value is received, the ciphertext by using a user's private key corresponding to the target time index value, so as to obtain the target data.
16. A key processing apparatus, comprising:
an update parameter generating unit, configured to: generate an update parameter upon entry into an rth time sub-segment of an ith time segment, and send the update parameter to a user equipment, wherein the update parameter is used to instruct the user equipment to: when r is 0, generate a user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of a last time sub-segment of an (i−1)th time segment, and time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment; and, when r is greater than 0, generate the user's private key of the rth time sub-segment of the ith time segment by using the update parameter, a user's private key of an (r−1)th time sub-segment of the ith time segment, and time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, wherein:
a user's private key of a 0th time sub-segment of a 0th time segment is generated by using a first random parameter and a key Hash value, wherein the first random parameter is randomly selected from a preset value set, and the key Hash value is element data that belongs to a first cyclic group and is obtained by performing a Hash operation on a time index value of the 0th time sub-segment of the 0th time segment.
17. The apparatus according to claim 16, wherein the update parameter comprises a first update parameter and a second update parameter, and a user's private key comprises a first private key parameter and a second private key parameter, and
the update parameter generating unit comprises:
a first generating unit, configured to: generate, when r is 0, the update parameter according to a first parameter generation formula by using a device's private key of the rth time sub-segment of the ith time segment, a device's private key of the last time sub-segment of the (i−1)th time segment, and the time index values of the rth time sub-segment of the ith time segment and the last time sub-segment of the (i−1)th time segment, wherein:
the first parameter generation formula is:

$SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i-1,RN[i-1]} H_1(i-1, RN[i-1])$, wherein:
$b_{i,r}$ represents the device's private key of the rth time sub-segment of the ith time segment, $b_{i-1,RN[i-1]}$ represents the device's private key of the last time sub-segment of the (i−1)th time segment, $b_{i,r} = b_{i-1,RN[i-1]} + \delta$, and $\delta$ is a third random parameter selected randomly from the preset value set; and
a second generating unit, configured to: generate, when the time index value r is greater than 0, the update parameter according to a second parameter generation formula by using the device's private key of the rth time sub-segment of the ith time segment, the device's private key of the (r−1)th time sub-segment of the ith time segment, and the time index values of the rth time sub-segment and the (r−1)th time sub-segment of the ith time segment, wherein:
the second parameter generation formula is:

$SKR_{i,r} = b_{i,r} H_1(i,r) - b_{i,r-1} H_1(i, r-1)$, wherein:
$b_{i,r-1}$ represents the device's private key of the (r−1)th time sub-segment of the ith time segment, and $b_{i,r} = b_{i,r-1} + \delta$.
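The device-side update-parameter generation of claims 10 and 17, as an added example that is not code from the patent. Assumptions: the group $G_1$ is replaced by integers modulo a prime `Q` (a toy stand-in with no security, used only to show the algebra), $H_1$ is modeled as SHA-256 reduced modulo `Q`, and `rn[i]` plays the role of RN[i], the index of the last sub-segment of segment i; all function names are hypothetical.

```python
import hashlib
import secrets

Q = 2**127 - 1  # prime standing in for the group order q (assumption)

def h1(i, r):
    """Toy H_1: map the time index (i, r) into Z_q (stand-in for a G1 element)."""
    digest = hashlib.sha256(f"{i},{r}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def rand_zq_star():
    """Pick a value from the preset value set Z_q^* = {1, ..., q-1}."""
    return 1 + secrets.randbelow(Q - 1)

def previous_index(i, r, rn):
    """Time index preceding (i, r); for r == 0 it is the last sub-segment of segment i-1."""
    if r == 0:
        if i == 0:
            raise ValueError("(0, 0) has no predecessor")
        return (i - 1, rn[i - 1])
    return (i, r - 1)

def device_update(b_prev, i, r, rn):
    """Return (b_{i,r}, SKR_{i,r}) on entry into sub-segment r of segment i."""
    pi, pr = previous_index(i, r, rn)
    delta = rand_zq_star()                      # third random parameter
    b_new = (b_prev + delta) % Q                # b_{i,r} = b_prev + delta
    skr = (b_new * h1(i, r) - b_prev * h1(pi, pr)) % Q
    return b_new, skr

def run_schedule(rn):
    """Walk all sub-segments in order; return b_{0,0}, the final b, its index, and every SKR."""
    b0 = rand_zq_star()                         # second random parameter
    b, skrs, last = b0, [], (0, 0)
    for i in range(len(rn)):
        for r in range(rn[i] + 1):
            if (i, r) == (0, 0):
                continue
            b, skr = device_update(b, i, r, rn)
            skrs.append(skr)
            last = (i, r)
    return b0, b, last, skrs
```

Summing the update parameters over a schedule telescopes to $b_{i,r} H_1(i,r) - b_{0,0} H_1(0,0)$, so each message carries only the step between two adjacent time indices.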
US14/577,739 2013-12-30 2014-12-19 Key processing method and apparatus Abandoned US20150188703A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310746982.4A CN104753666B (en) 2013-12-30 2013-12-30 Cipher key processing method and device
CN201310746982.4 2013-12-30

Publications (1)

Publication Number Publication Date
US20150188703A1 true US20150188703A1 (en) 2015-07-02

Family

ID=52272891

Family Applications (1)

Application Number Title Priority Date Filing Date
US14/577,739 Abandoned US20150188703A1 (en) 2013-12-30 2014-12-19 Key processing method and apparatus

Country Status (3)

Country Link
US (1) US20150188703A1 (en)
EP (1) EP2890047B1 (en)
CN (1) CN104753666B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10116645B1 (en) 2015-03-30 2018-10-30 Amazon Technologies, Inc. Controlling use of encryption keys
US10154013B1 (en) * 2015-03-13 2018-12-11 Amazon Technologies, Inc. Updating encrypted cryptographic key
US11057198B2 (en) * 2016-03-04 2021-07-06 Assured Enterprises, Inc. Utilization of a proxy technique in escrow encryption key usage

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108306726B (en) * 2017-01-13 2021-09-17 杭州海康威视数字技术股份有限公司 Secret key obtaining method and system
CN108234662A (en) * 2018-01-09 2018-06-29 江苏徐工信息技术股份有限公司 A kind of secure cloud storage method with active dynamic key distribution mechanisms
CN118520478A (en) * 2024-05-28 2024-08-20 北京点控互联信息技术有限公司 Efficient encryption method for financial data based on blockchain

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070230705A1 (en) * 2005-08-23 2007-10-04 Ntt Docomo, Inc. Key-updating method, encryption processing method, key-insulated cryptosystem and terminal device
US20150055778A1 (en) * 2011-12-29 2015-02-26 George W. Cox Method and apparatus for a non-deterministic random bit generator (nrbg)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4328748B2 (en) * 2005-08-23 2009-09-09 株式会社エヌ・ティ・ティ・ドコモ Key update method, key-isolated encryption system, and terminal device
CN101267668B (en) * 2008-04-16 2015-11-25 中兴通讯股份有限公司 Key generation method, Apparatus and system
TWI375447B (en) * 2008-06-27 2012-10-21 Ind Tech Res Inst Multi-layer encryption and decryption system and method thereof
JP5077186B2 (en) * 2008-10-17 2012-11-21 富士通株式会社 COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION PROGRAM

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Dodis et al., "Key-Insulated Public Key Cryptosystems", EUROCRYPT 2002, pp. 65-82, 2002 *

Also Published As

Publication number Publication date
EP2890047A1 (en) 2015-07-01
CN104753666A (en) 2015-07-01
CN104753666B (en) 2018-08-14
EP2890047B1 (en) 2016-09-21

Legal Events

Date Code Title Description
AS Assignment

Owner name: HUAWEI TECHNOLOGIES CO., LTD., CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:YU, JIA;CHENG, XIANGGUO;REEL/FRAME:034560/0805

Effective date: 20141205

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION